Day: August 17, 2021

REST API batch-queries code injection

A vulnerability classified as critical was found in up to 3.8.20/3.10.7. This vulnerability affects an unknown functionality of the file

Common Vulnerabilities and Exposures

Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E prior 01.03.29.16 SD Card code injection

A vulnerability, which was classified as critical, has been found in Lenovo Smart Camera X3, Smart Camera X5 and Smart

Common Vulnerabilities and Exposures

Dolibarr up to 13.0.2 access control [CVE-2021-25956]

A vulnerability, which was classified as critical, was found in Dolibarr up to 13.0.2 (Enterprise Resource Planning Software). Affected is

Common Vulnerabilities and Exposures

Dolibarr up to 13.0.2 password recovery [CVE-2021-25957]

A vulnerability has been found in Dolibarr up to 13.0.2 (Enterprise Resource Planning Software) and classified as critical. Affected by

Common Vulnerabilities and Exposures

Motorola MM1000 Device Configuration Portal improper authentication

A vulnerability was found in Motorola MM1000 (affected version not known) and classified as critical. Affected by this issue is

Common Vulnerabilities and Exposures

Motorola MM1000 Device Configuration Web Server os command injection

A vulnerability was found in Motorola MM1000 (the affected version unknown). It has been classified as critical. This affects some

Common Vulnerabilities and Exposures

Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E improper authorization

A vulnerability was found in Lenovo Smart Camera X3, Smart Camera X5 and Smart Camera C2E (the affected version is

Common Vulnerabilities and Exposures

Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration os command injection

A vulnerability was found in Lenovo Smart Camera X3, Smart Camera X5 and Smart Camera C2E (unknown version). It has

Common Vulnerabilities and Exposures

Lenovo Driver Management prior 2.9.0719.1104 signature verification

A vulnerability classified as critical has been found in Lenovo Driver Management (Hardware Driver Software). Affected is some unknown functionality.

Common Vulnerabilities and Exposures

IBM API Connect up to 5.0.8.10 HTTP Host Header injection

A vulnerability was found in IBM API Connect up to 5.0.8.10 (Automation Software). It has been declared as problematic. Affected

Common Vulnerabilities and Exposures

IBM DataPower Gateway up to 2018.4.1.16 cross-site request forgery

A vulnerability was found in IBM DataPower Gateway up to 2018.4.1.16. It has been rated as problematic. Affected by this

Common Vulnerabilities and Exposures

SeaCMS 10.7 admin_manager.php cross-site request forgery

A vulnerability classified as problematic has been found in SeaCMS 10.7. This affects an unknown function of the file admin_manager.php.

Common Vulnerabilities and Exposures

CVE-2021-34659: Plugmatter Pricing Table Lite Plugin up to 1.0.32 on WordPress Parameter ~/license.php email cross site scripting

Overview A vulnerability was found in Plugmatter Pricing Table Lite Plugin up to 1.0.32 on WordPress (WordPress Plugin) and classified

Common Vulnerabilities and Exposures

jQuery Tagline Rotator Plugin up to 0.1.5 on WordPress jquery-tagline-rotator.php $_SERVER['PHP_SELF'] cross site scripting

A vulnerability was found in jQuery Tagline Rotator Plugin up to 0.1.5 on WordPress (JavaScript Library). It has been classified

Common Vulnerabilities and Exposures

Day: August 17, 2021

REST API batch-queries code injection

Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E prior 01.03.29.16 SD Card code injection

Dolibarr up to 13.0.2 access control [CVE-2021-25956]

Dolibarr up to 13.0.2 password recovery [CVE-2021-25957]

Motorola MM1000 Device Configuration Portal improper authentication

Motorola MM1000 Device Configuration Web Server os command injection

Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E improper authorization

Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration os command injection

Lenovo Driver Management prior 2.9.0719.1104 signature verification

IBM API Connect up to 5.0.8.10 HTTP Host Header injection

IBM DataPower Gateway up to 2018.4.1.16 cross-site request forgery

SeaCMS 10.7 admin_manager.php cross-site request forgery

CVE-2021-34659: Plugmatter Pricing Table Lite Plugin up to 1.0.32 on WordPress Parameter ~/license.php email cross site scripting

jQuery Tagline Rotator Plugin up to 0.1.5 on WordPress jquery-tagline-rotator.php $_SERVER['PHP_SELF'] cross site scripting

WP SEO Tags Plugin up to 2.2.7 on WordPress Parameter ~/wp-seo-tags.php saq_txt_the_filter cross site scripting

Add Sidebar Plugin up to 2.0.0 on WordPress Parameter ~/wp_sidebarMenu.php add cross site scripting

Calendar_plugin up to 1.0 on WordPress ~/calendar.php $_SERVER['PHP_SELF'] cross site scripting

SP Project & Document Manager Plugin up to 4.25 on WordPress ~/functions.php from/to cross site scripting

bblfshd and/or path traversal

Dell EMC PowerScale OneFS up to 9.2.x exceptional condition [CVE-2021-21592]

Proxyee-Down Extension Script os command injection [CVE-2021-32826]

Dell EMC PowerScale OneFS up to 9.1.0.x /ifs uninitialized resource

Lin-CMS-Flask 0.1.1 app/api/cms/user.py login excessive authentication

Node.js up to 12.22.3/14.17.3/15.x Domain Name Server null termination