High Priority Vulnerabilities

The High Priority Vulnerabilities to watch and act upon.

Vendor — ProductDescriptionPublishedCVSS ScoreSource & Patch Info
apache — nuttxApache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.2021-06-217.5CVE-2021-26461
CONFIRM
autoptimize — autoptimizeThe Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the “Import Settings” feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP file in it and then it is not removed from the disk. It is a bypass of CVE-2020-24948 which allows sending a PHP file via the “Import Settings” functionality to achieve Remote Code Execution.2021-06-217.5CVE-2021-24376
CONFIRM
ayecode — location_managerIn the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues.2021-06-217.5CVE-2021-24361
MISC
CONFIRM
cleo — lexicomAn issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.2021-06-187.5CVE-2021-33576
MISC
MISC
contiki-ng — contiki-ngContiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.2021-06-187.5CVE-2021-21281
MISC
CONFIRM
contiki-ng — contiki-ngContiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.2021-06-187.5CVE-2021-21280
MISC
CONFIRM
contiki-ng — contiki-ngContiki-NG is an open-source, cross-platform operating system for internet of things devices. In verions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.2021-06-187.8CVE-2021-21279
CONFIRM
contiki-ng — contiki-ngContiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG’s two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround.2021-06-187.5CVE-2021-21282
MISC
CONFIRM
google — androidIn updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-1692557972021-06-217.2CVE-2021-0478
MISC
google — androidIn handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-1818600422021-06-218.3CVE-2021-0507
MISC
google — androidIn the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1799750482021-06-217.2CVE-2021-0505
MISC
google — androidIn p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-1816604482021-06-217.5CVE-2021-0516
MISC
greenbone — greenbone_security_assistantGreenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.2021-06-217.5CVE-2018-25016
MISC
MISC
jenkins — generic_webhook_triggerJenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.2021-06-187.5CVE-2021-21669
CONFIRM
MLIST
joomla — joomla\!Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.2021-06-217.5CVE-2010-1435
MISC
MISC
joomla — joomla\!Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.2021-06-217.5CVE-2010-1433
MISC
MISC
primion-digitek — secure_8Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.2021-06-187.5CVE-2021-3604
CONFIRM
CONFIRM
radykal — fancy_product_designerThe Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.2021-06-217.5CVE-2021-24370
MISC
CONFIRM
serenityos — serenityosSerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.2021-06-187.5CVE-2021-31272
MISC
MISC
MISC
CONFIRM
textpattern — textpatternTextpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.2021-06-217.5CVE-2020-19510
MISC
txjia — imcatSQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.2021-06-237.5CVE-2020-20392
MISC
white_shark_systems_project — white_shark_systemsWhite Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user.2021-06-217.5CVE-2020-20466
MISC
white_shark_systems_project — white_shark_systemsWhite Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.2021-06-219CVE-2020-20471
MISC