CVE-2021-40170 - An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an ... read CVE-2021-40170
Published: December 15, 2021; 2:15:07 AM -0500

V3.1: 6.8 MEDIUM
V2.0: 5.8 MEDIUM

CVE-2021-38961 - IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... read CVE-2021-38961
Published: December 27, 2021; 12:15:07 PM -0500

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-45099 - ** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; howev... read CVE-2021-45099
Published: December 16, 2021; 12:15:08 AM -0500

V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2021-45711 - An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f.
Published: December 26, 2021; 7:15:10 PM -0500

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

CVE-2021-45710 - An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.
Published: December 26, 2021; 7:15:10 PM -0500

V3.1: 8.1 HIGH
V2.0: 5.1 MEDIUM

CVE-2021-45709 - An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur.
Published: December 26, 2021; 7:15:10 PM -0500

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2020-36513 - An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.
Published: December 26, 2021; 7:15:08 PM -0500

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2020-36512 - An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations.
Published: December 26, 2021; 7:15:08 PM -0500

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2021-25993 - In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the ... read CVE-2021-25993
Published: December 29, 2021; 12:15:07 PM -0500

V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW

CVE-2021-45903 - A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than C... read CVE-2021-45903
Published: December 28, 2021; 9:15:07 AM -0500

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-45708 - An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.
Published: December 26, 2021; 7:15:09 PM -0500

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

CVE-2021-45425 - Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.
Published: December 28, 2021; 8:15:08 AM -0500

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-25990 - In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.
Published: December 29, 2021; 4:15:09 AM -0500

V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW

CVE-2021-25989 - In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them.
Published: December 29, 2021; 4:15:09 AM -0500

V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW

CVE-2021-25988 - In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.
Published: December 29, 2021; 4:15:09 AM -0500

V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW

CVE-2021-4176 - livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Published: December 29, 2021; 10:15:07 AM -0500

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-4175 - livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Published: December 29, 2021; 10:15:07 AM -0500

V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW

CVE-2021-4188 - mruby is vulnerable to NULL Pointer Dereference
Published: December 30, 2021; 2:15:06 AM -0500

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

CVE-2021-45529 - Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects CBR40 before 2.3.5.12, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.2.124, R7000P... read CVE-2021-45529
Published: December 25, 2021; 8:15:14 PM -0500

V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM

CVE-2020-20944 - An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.
Published: December 27, 2021; 4:15:07 PM -0500

V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM