Vulnerability Summary for the Week of March 22, 2021

High Vulnerabilities
Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. 2021-03-22 7.5 CVE-2021-26295
MLIST
CONFIRM
MLIST
MLIST
MLIST
apache — spamassassin In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. 2021-03-25 10 CVE-2020-1946
MISC
DEBIAN
apkleaks_project — apkleaks APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name. The problem is fixed in version v2.0.6-dev and above. 2021-03-24 10 CVE-2021-21386
MISC
CONFIRM
eslint-fixer_project — eslint-fixer ** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted. 2021-03-19 10 CVE-2021-26275
MISC
MISC
genivia — gsoap A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. 2021-03-25 7.5 CVE-2021-21783
MISC
git-bug_project — git-bug git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). 2021-03-22 7.5 CVE-2021-28955
MISC
gnu — libmicrohttpd A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-03-25 10 CVE-2021-3466
MISC
gulpjs — copy-props The package copy-props before 2.0.5 are vulnerable to Prototype Pollution via the main functionality. 2021-03-23 7.5 CVE-2020-28503
CONFIRM
CONFIRM
CONFIRM
http-proxy-agent_project — http-proxy-agent A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. 2021-03-19 9 CVE-2019-10196
MISC
MISC
invigo — automatic_device_management The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application. 2021-03-25 9 CVE-2020-10583
CONFIRM
invigo — automatic_device_management A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database. 2021-03-25 7.5 CVE-2020-10582
CONFIRM
it-recht-kanzlei — it-recht-kanzlei The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection. 2021-03-19 7.5 CVE-2020-6577
MISC
MISC
linux — linux_kernel In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name ‘ ‘ termination, aka CID-cc7a0bb058b8. 2021-03-22 7.2 CVE-2021-28972
MISC
FEDORA
FEDORA
FEDORA
mariadb — mariadb A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. 2021-03-19 9 CVE-2021-27928
MISC
MLIST
MISC
MISC
MISC
MISC
MISC
markany — maepsbroker In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability caused by improper input validation checks when parsing brokerCommand parameter. 2021-03-24 7.5 CVE-2020-7839
MISC
MISC
microsoft — visual_studio_code The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings. 2021-03-24 7.5 CVE-2021-28967
MISC
MISC
MISC
MISC
mikrotik — routeros ** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor’s position is that this is intended behavior because of how user policies work. 2021-03-19 8.5 CVE-2021-27221
MISC
netapp — cloud_manager Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. 2021-03-19 9.4 CVE-2021-26990
MISC
netgear — rbk852_firmware Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-03-23 8.3 CVE-2021-29066
MISC
netgear — rbr850_firmware NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass. 2021-03-23 8.3 CVE-2021-29065
MISC
netgear — rbw30_firmware Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. 2021-03-23 8.3 CVE-2021-29067
MISC
privoxy — privoxy A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash. 2021-03-25 7.8 CVE-2021-20210
MISC
MISC
privoxy — privoxy A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash. 2021-03-25 7.8 CVE-2020-35502
MISC
MISC
privoxy — privoxy A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. 2021-03-25 7.8 CVE-2021-20216
MISC
MISC
MISC
privoxy — privoxy A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash. 2021-03-25 7.8 CVE-2021-20215
MISC
MISC
privoxy — privoxy A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash. 2021-03-25 7.8 CVE-2021-20211
MISC
MISC
privoxy — privoxy A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash. 2021-03-25 7.8 CVE-2021-20212
MISC
MISC
privoxy — privoxy A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability. 2021-03-25 7.8 CVE-2021-20217
MISC
privoxy — privoxy A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash. 2021-03-25 7.8 CVE-2021-20214
MISC
MISC
python — pillow An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. 2021-03-19 7.5 CVE-2021-25289
MISC
redhat — openshift_container_platform A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high. 2021-03-19 9 CVE-2019-10200
MISC
MISC
soplanning — soplanning SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account). 2021-03-21 7.5 CVE-2020-13963
MISC
MISC
thinksaas — thinksaas ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. 2021-03-24 7.5 CVE-2020-35337
MISC
MISC
tibco — api_exchange_gateway The Config UI component of TIBCO Software Inc.’s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below. 2021-03-23 7.5 CVE-2021-23274
CONFIRM
CONFIRM
tibco — ftl The Windows Installation component of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO FTL – Community Edition: versions 6.5.0 and below, TIBCO FTL – Developer Edition: versions 6.5.0 and below, and TIBCO FTL – Enterprise Edition: versions 6.5.0 and below. 2021-03-23 7.2 CVE-2021-28819
CONFIRM
tobesoft — xplatform An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit arbitrary code execution. 2021-03-24 7.5 CVE-2020-7853
MISC
typo3 — typo3 TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions – however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well – given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename – which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. 2021-03-23 7.5 CVE-2021-21355
CONFIRM
MISC
MISC
xstream_project — xstream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 2021-03-23 7.5 CVE-2021-21350
MISC
CONFIRM
MISC
MISC
xstream_project — xstream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 2021-03-23 7.5 CVE-2021-21347
MISC
CONFIRM
MISC
MISC
xstream_project — xstream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 2021-03-23 7.5 CVE-2021-21346
MISC
CONFIRM
MISC
MISC
xstream_project — xstream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 2021-03-23 7.5 CVE-2021-21344
MISC
CONFIRM
MISC
MISC
xstream_project — xstream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 2021-03-23 7.8 CVE-2021-21348
MISC
CONFIRM
MISC
MISC

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — pdfbox A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. 2021-03-19 4.3 CVE-2021-27807
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
FEDORA
apache — pdfbox A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. 2021-03-19 4.3 CVE-2021-27906
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
MLIST
FEDORA
aryanic — high_cms Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via ‘user’ to LoginForm. 2021-03-26 4.3 CVE-2020-23517
MISC
atlassian — data_center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. 2021-03-22 6.4 CVE-2021-26070
MISC
atlassian — data_center Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. 2021-03-22 5 CVE-2021-26069
MISC
bit_project — bit In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. 2021-03-21 6.8 CVE-2021-28954
MISC
bosch — configuration_manager Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim’s system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. 2021-03-25 6.9 CVE-2020-6788
CONFIRM
bosch — ip_helper Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim’s system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same application directory as the portable IP Helper application. 2021-03-25 6.9 CVE-2020-6771
CONFIRM
bosch — monitor_wall Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim’s system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. 2021-03-25 6.9 CVE-2020-6789
CONFIRM
bosch — video_client Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim’s system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. 2021-03-25 6.9 CVE-2020-6787
CONFIRM
bosch — video_management_system Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim’s system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1. 2021-03-25 6.9 CVE-2020-6785
CONFIRM
bosch — video_recording_manager Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim’s system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. 2021-03-25 6.9 CVE-2020-6786
CONFIRM
bosch — video_streaming_gateway Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim’s system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from. 2021-03-25 6.9 CVE-2020-6790
CONFIRM
busybox — busybox decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. 2021-03-19 5 CVE-2021-28831
MISC
FEDORA
compassplus — tranzware_e-commerce_payment_gateway /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. 2021-03-19 5 CVE-2021-28110
MISC
compassplus — tranzware_e-commerce_payment_gateway index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability 2021-03-19 4.3 CVE-2021-28126
MISC
compassplus — tranzware_fimi TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS). 2021-03-19 4.3 CVE-2021-28109
MISC
MISC
contiki-os — contiki An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c. 2021-03-24 5 CVE-2021-28362
MISC
MISC
crawlerdetect_project — crawlerdetect This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators. 2021-03-22 5 CVE-2020-28501
CONFIRM
CONFIRM
csphere — clansphere Clansphere CMS 2011.4 allows unauthenticated reflected XSS via “language” parameter. 2021-03-23 4.3 CVE-2021-27310
MISC
csphere — clansphere Clansphere CMS 2011.4 allows unauthenticated reflected XSS via “module” parameter. 2021-03-23 4.3 CVE-2021-27309
MISC
doctor_appointment_system_project — doctor_appointment_system Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. 2021-03-24 5 CVE-2021-27320
MISC
MISC
doctor_appointment_system_project — doctor_appointment_system Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. 2021-03-24 5 CVE-2021-27319
MISC
doctor_appointment_system_project — doctor_appointment_system Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. 2021-03-24 5 CVE-2021-27316
MISC
doctor_appointment_system_project — doctor_appointment_system Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. 2021-03-24 5 CVE-2021-27315
MISC
esri — arcgis Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. 2021-03-25 6.8 CVE-2021-29097
CONFIRM
esri — arcgis Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. 2021-03-25 6 CVE-2021-29095
CONFIRM
esri — arcgis Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. 2021-03-25 6.8 CVE-2021-29098
CONFIRM
ftapi — ftapi FTAPI 4.0 – 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component. 2021-03-19 4.3 CVE-2021-25277
MISC
MISC
fudforum — fudforum A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the “author” parameter. 2021-03-19 4.3 CVE-2021-27520
MISC
fudforum — fudforum A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the “srch” parameter. 2021-03-19 4.3 CVE-2021-27519
MISC
github — enterprise_server A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program. 2021-03-23 6.5 CVE-2021-22864
MISC
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. 2021-03-24 6.5 CVE-2021-22192
CONFIRM
MISC
MISC
gitlab — gitlab A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature. 2021-03-24 5.5 CVE-2021-22179
CONFIRM
MISC
MISC
gitlab — gitlab An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners 2021-03-24 4 CVE-2021-22186
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration. 2021-03-24 4 CVE-2021-22178
CONFIRM
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests 2021-03-24 4 CVE-2021-22176
CONFIRM
MISC
MISC
gitlab — gitlab An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages. 2021-03-24 4 CVE-2021-22169
CONFIRM
MISC
grafana — grafana The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn’t supposed to have. 2021-03-22 4 CVE-2021-28146
MISC
MISC
CONFIRM
MISC
MISC
MISC
CONFIRM
grafana — grafana One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance. 2021-03-22 5 CVE-2021-28148
MISC
MISC
CONFIRM
MISC
MISC
MISC
CONFIRM
hashicorp — terraform_enterprise HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1. 2021-03-26 4 CVE-2021-3153
CONFIRM
hidglobal — omnikey_5427_firmware HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. 2021-03-24 6.8 CVE-2020-36283
MISC
MISC
hmtalk — daviewindy DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. 2021-03-24 6.8 CVE-2020-7852
MISC
hpe — network_orchestrator A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection. 2021-03-22 5 CVE-2021-26578
MISC
huawei — eudc660_firmware The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be decrypted, affecting confidentiality, integrity, and availability of the device. 2021-03-22 4.6 CVE-2020-9206
MISC
huawei — ips_module_firmware There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some versions of IPS Module, NGFW Module, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500 and Secospace USG6600. 2021-03-22 5 CVE-2021-22320
MISC
huawei — manageone There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1. 2021-03-22 6.5 CVE-2021-22311
MISC
huawei — manageone There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. 2021-03-22 4.6 CVE-2021-22314
MISC
huawei — ngfw_module_firmware There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500. 2021-03-22 5 CVE-2020-9213
MISC
huawei — nip6300_firmware There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500. 2021-03-22 5 CVE-2021-22321
MISC
huawei — usg9500_firmware There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak. 2021-03-22 4 CVE-2020-9212
MISC
huawei — usg9500_firmware There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00. 2021-03-22 5 CVE-2021-22309
MISC
ibm — elastic_storage_server IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. IBM X-Force ID: 193486. 2021-03-24 5 CVE-2020-5015
XF
CONFIRM
CONFIRM
ibm — planning_analytics IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852. 2021-03-22 5.8 CVE-2020-4882
XF
CONFIRM
ibm — soar IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. 2021-03-19 5 CVE-2020-4635
XF
CONFIRM
invigo — automatic_device_management A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application. 2021-03-25 6.5 CVE-2020-10580
CONFIRM
invigo — automatic_device_management A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application. 2021-03-25 5 CVE-2020-10579
CONFIRM
invigo — automatic_device_management Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application. 2021-03-25 5 CVE-2020-10581
CONFIRM
invigo — automatic_device_management A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application. 2021-03-25 5 CVE-2020-10584
CONFIRM
jellyfin — jellyfin Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server’s file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. As a workaround, users may be able to restrict some access by enforcing strict security permissions on their filesystem, however, it is recommended to update as soon as possible. 2021-03-23 4 CVE-2021-21402
MISC
MISC
CONFIRM
killport_project — killport This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. 2021-03-21 6.5 CVE-2021-23360
MISC
MISC
MISC
kramdown_project — kramdown Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. 2021-03-19 6.8 CVE-2021-28834
MISC
MISC
MISC
FEDORA
libass_project — libass Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.14.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. 2021-03-23 6.8 CVE-2020-24994
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) 2021-03-20 4.6 CVE-2021-28952
MISC
FEDORA
FEDORA
FEDORA
MISC
linux — linux_kernel In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. 2021-03-22 4.9 CVE-2021-28971
MISC
FEDORA
FEDORA
FEDORA
linux — linux_kernel An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. 2021-03-20 4.9 CVE-2021-28951
MISC
FEDORA
FEDORA
FEDORA
linux — linux_kernel The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (“bpf: Fix truncation handling for mod32 dst reg wrt zero”) and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. 2021-03-23 4.6 CVE-2021-3444
MLIST
MISC
MISC
lxml — lxml lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute. 2021-03-21 4.3 CVE-2021-28957
MISC
MISC
MLIST
mcafee — data_loss_prevention Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker’s choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time. 2021-03-23 4.6 CVE-2020-7346
CONFIRM
microfocus — access_manager Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage. 2021-03-25 5 CVE-2021-22496
MISC
microsoft — c\/c_advanced_lint The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository. 2021-03-21 6.8 CVE-2021-28953
MISC
MISC
minio — minio MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk + thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround one can avoid using “aws-chunked” encoding-based chunk signature upload requests instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS. 2021-03-19 4.3 CVE-2021-21390
MISC
MISC
CONFIRM
moodle — moodle A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum’s subscription mode was set to “forced subscription”, the forum’s subscribe link contained an open redirect. 2021-03-19 5.8 CVE-2019-14831
MISC
MISC
moodle — moodle A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user’s mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is “via the app”). 2021-03-19 5.8 CVE-2019-14830
MISC
MISC
moodle — moodle A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role. 2021-03-19 4 CVE-2019-14828
MISC
moodle — moodle A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode. 2021-03-19 4 CVE-2019-14829
MISC
MISC
netapp — cloud_manager Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. 2021-03-19 5 CVE-2021-26991
MISC
netapp — cloud_manager Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). 2021-03-19 5 CVE-2021-26992
MISC
netgear — r6700_firmware Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50. 2021-03-23 6.5 CVE-2021-29068
MISC
netgear — r8000p_firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, R7960P before 1.4.1.66, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, and RAX200 before 1.0.3.106. 2021-03-23 5.2 CVE-2021-29073
MISC
netgear — rbk852_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-03-23 5.2 CVE-2021-29072
MISC
netgear — rbk852_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. 2021-03-23 5.2 CVE-2021-29071
MISC
netgear — rbk852_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-03-23 5.2 CVE-2021-29070
MISC
netgear — rbk852_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. 2021-03-23 5.8 CVE-2021-29078
MISC
netgear — rbk852_firmware Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and R7000P before 1.3.2.126. 2021-03-23 4.8 CVE-2021-29080
MISC
netgear — rbk852_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-03-23 5.8 CVE-2021-29076
MISC
netgear — rbk852_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-03-23 5.8 CVE-2021-29079
MISC
netgear — rbw30_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. 2021-03-23 5.8 CVE-2021-29077
MISC
netgear — rbw30_firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. 2021-03-23 5.2 CVE-2021-29075
MISC
netgear — rbw30_firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. 2021-03-23 5.8 CVE-2021-29081
MISC
netgear — rbw30_firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. 2021-03-23 5.2 CVE-2021-29074
MISC
netgear — xr450_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76. 2021-03-23 5.2 CVE-2021-29069
MISC
npmjs — hosted-git-info The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via shortcutMatch in fromUrl(). 2021-03-23 5 CVE-2021-23362
MISC
MISC
MISC
open-emr — openemr In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user. 2021-03-22 5.5 CVE-2021-25920
MISC
MISC
open-emr — openemr In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code. 2021-03-22 4.3 CVE-2021-25922
MISC
MISC
openmicroscopy — omero.web OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting. 2021-03-23 4.9 CVE-2021-21377
MISC
MISC
CONFIRM
MISC
MISC
openmicroscopy — omero.web OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0. 2021-03-23 5 CVE-2021-21376
MISC
MISC
CONFIRM
MISC
MISC
openwrt — openwrt applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. 2021-03-21 6.5 CVE-2021-28961
MISC
otrs — faq Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions. 2021-03-22 4 CVE-2021-21438
MISC
otrs — itsmconfigurationmanagement Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions 2021-03-22 4 CVE-2021-21437
MISC
postgresql — postgresql A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. 2021-03-19 4.1 CVE-2019-10128
MISC
MISC
postgresql — postgresql A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files. 2021-03-19 4.3 CVE-2019-10127
MISC
MISC
projectacrn — acrn ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference. 2021-03-26 5 CVE-2020-28346
MISC
MISC
protocol — go-ipfs go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG. This is fixed in version 0.8.0-rc1. 2021-03-24 5.5 CVE-2020-26279
MISC
CONFIRM
MISC
protocol — go-ipfs go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. This is fixed in version 0.8.0. 2021-03-24 6.5 CVE-2020-26283
MISC
MISC
CONFIRM
pygments — pygments An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the “exception” keyword. 2021-03-23 5 CVE-2021-20270
MISC
python — pillow An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. 2021-03-19 5 CVE-2021-25290
MISC
python — pillow An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. 2021-03-19 5 CVE-2021-25291
MISC
python — pillow An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. 2021-03-19 5 CVE-2021-25293
MISC
python — pillow An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. 2021-03-19 4.3 CVE-2021-25292
MISC
redhat — jboss-remoting A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable. 2021-03-23 5 CVE-2019-19343
MISC
MISC
redhat — keycloak A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-03-23 5.1 CVE-2021-20222
MISC
redhat — openshift A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn’t sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files. 2021-03-19 6.5 CVE-2019-10225
MISC
redhat — openshift_container_platform An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2021-03-24 6.9 CVE-2019-19353
MISC
MISC
MISC
redhat — openshift_container_platform An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2021-03-24 4.4 CVE-2019-19352
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code. 2021-03-25 4.3 CVE-2021-22888
MISC
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code. 2021-03-25 4.3 CVE-2021-22889
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-22 4.3 CVE-2021-27594
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-22 4.3 CVE-2021-27596
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-22 4.3 CVE-2021-27595
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-22 4.3 CVE-2021-27593
MISC
MISC
schema-inspector_project — schema-inspector Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn’t vulnerable to ReDoS. 2021-03-19 5 CVE-2021-21267
MISC
CONFIRM
MISC
shescape_project — shescape shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required. 2021-03-19 4.4 CVE-2021-21384
MISC
MISC
CONFIRM
MISC
shibboleth — service_provider Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. 2021-03-22 5 CVE-2021-28963
MISC
MISC
MISC
MISC
MISC
sophos — connect A malicious website could execute code remotely in Sophos Connect Client before version 2.1. 2021-03-22 6.8 CVE-2021-25265
MISC
CONFIRM
spinetix — dsos spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd. 2021-03-24 4 CVE-2020-15809
MISC
MISC
squid-cache — squid An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. 2021-03-19 5 CVE-2020-25097
MISC
MISC
MISC
DEBIAN
stormshield — network_security The ClamAV Engine (Version 0.103.1 and below) embedded in Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of parsing of malformed png files. 2021-03-19 4.3 CVE-2021-27506
CONFIRM
MISC
tibco — rendezvous The Windows Installation component of TIBCO Software Inc.’s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below. 2021-03-23 4.6 CVE-2021-28817
CONFIRM
torproject — tor Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. 2021-03-19 5 CVE-2021-28089
CONFIRM
MISC
FEDORA
torproject — tor Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. 2021-03-19 5 CVE-2021-28090
CONFIRM
CONFIRM
MISC
FEDORA
typo3 — typo3 TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively – amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1. 2021-03-23 5 CVE-2021-21359
CONFIRM
MISC
MISC
typo3 — typo3 TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext – without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack – like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. 2021-03-23 5 CVE-2021-21339
CONFIRM
MISC
MISC
typo3 — typo3 TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads – however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. 2021-03-23 6.5 CVE-2021-21357
CONFIRM
MISC
MISC
typo3 — typo3 TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. 2021-03-23 5.8 CVE-2021-21338
CONFIRM
MISC
MISC
vivo — appstore The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters. 2021-03-23 5.8 CVE-2020-12483
CONFIRM
westerndigital — armorlock The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware. 2021-03-19 4 CVE-2021-28653
MISC
wrongthink — wrongthink Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0. 2021-03-19 5 CVE-2021-21387
CONFIRM
xstream_project — xstream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 2021-03-23 6.5 CVE-2021-21345
MISC
CONFIRM
MISC
MISC
xstream_project — xstream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 2021-03-23 6.4 CVE-2021-21342
MISC
CONFIRM
MISC
MISC
xstream_project — xstream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 2021-03-23 5 CVE-2021-21341
MISC
CONFIRM
MISC
MISC
xstream_project — xstream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 2021-03-23 5 CVE-2021-21343
MISC
CONFIRM
MISC
MISC
xstream_project — xstream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 2021-03-23 6.5 CVE-2021-21351
MISC
CONFIRM
MISC
MISC
xstream_project — xstream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 2021-03-23 5 CVE-2021-21349
MISC
CONFIRM
MISC
MISC
xwiki — xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager. 2021-03-23 6.5 CVE-2021-21380
CONFIRM
MISC
zen-cart — zen_cart Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php. 2021-03-19 4.3 CVE-2020-6578
MISC
MISC
zetetic — sqlcipher Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault. 2021-03-25 5 CVE-2021-3119
MISC
MISC

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
4homepages — 4images A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the “redirect” parameter. 2021-03-22 3.5 CVE-2021-27308
MISC
acquia — mautic In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application. 2021-03-23 2.1 CVE-2021-27908
MISC
bitweaver — bitweaver A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI. 2021-03-24 3.5 CVE-2021-29029
MISC
bitweaver — bitweaver A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI. 2021-03-24 3.5 CVE-2021-29028
MISC
bitweaver — bitweaver A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI. 2021-03-24 3.5 CVE-2021-29027
MISC
bitweaver — bitweaver A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI. 2021-03-24 3.5 CVE-2021-29026
MISC
bitweaver — bitweaver A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI. 2021-03-24 3.5 CVE-2021-29025
MISC
bitweaver — bitweaver A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI. 2021-03-24 3.5 CVE-2021-29031
MISC
bitweaver — bitweaver A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI. 2021-03-24 3.5 CVE-2021-29032
MISC
bitweaver — bitweaver A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI. 2021-03-24 3.5 CVE-2021-29033
MISC
bitweaver — bitweaver A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI. 2021-03-24 3.5 CVE-2021-29030
MISC
boonex — dolphin_cms Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder “width” parameter. 2021-03-23 3.5 CVE-2021-27969
MISC
MISC
MISC
MISC
craftcms — craft_cms Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new. 2021-03-26 3.5 CVE-2020-19626
MISC
MISC
duo — authentication_proxy The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo Authentication Proxy installer, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. This is only exploitable during new installations, while the installer is running, and is not exploitable once installation has finished. Versions 5.2.1 of Duo Authentication Proxy installer addresses this issue. 2021-03-25 3.6 CVE-2021-1492
CISCO
dynpg — dynpg A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the “page” parameter. 2021-03-23 3.5 CVE-2021-27526
MISC
dynpg — dynpg A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the “query” parameter. 2021-03-23 3.5 CVE-2021-27531
MISC
dynpg — dynpg A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the “valueID” parameter. 2021-03-23 3.5 CVE-2021-27527
MISC
dynpg — dynpg A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the “refID” parameter. 2021-03-23 3.5 CVE-2021-27528
MISC
dynpg — dynpg A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php. 2021-03-23 3.5 CVE-2021-27530
MISC
dynpg — dynpg A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the “limit” parameter. 2021-03-23 3.5 CVE-2021-27529
MISC
ftapi — ftapi FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor. 2021-03-19 3.5 CVE-2021-25278
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project. 2021-03-24 3.5 CVE-2021-22193
CONFIRM
MISC
MISC
gitlab — gitlab Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki 2021-03-24 3.5 CVE-2021-22185
CONFIRM
MISC
MISC
gnu — punbb An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message. 2021-03-22 3.5 CVE-2021-28968
MISC
grafana — grafana The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn’t supposed to have. 2021-03-22 3.5 CVE-2021-28147
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
haserl_project — haserl Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem. 2021-03-24 2.1 CVE-2021-29133
MISC
MISC
MISC
MISC
huawei — nip6300_firmware There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10. 2021-03-22 2.1 CVE-2021-22310
MISC
libtpms_project — libtpms A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. 2021-03-25 2.1 CVE-2021-3446
MISC
linux — linux_kernel A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability. 2021-03-23 2.1 CVE-2021-20219
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. 2021-03-20 2.1 CVE-2020-27171
MLIST
MISC
MISC
FEDORA
FEDORA
FEDORA
MISC
linux — linux_kernel An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A “stall on CPU” can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. 2021-03-20 2.1 CVE-2021-28950
MISC
MISC
FEDORA
FEDORA
linux — linux_kernel An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. 2021-03-20 2.1 CVE-2020-27170
MLIST
MISC
MISC
FEDORA
FEDORA
FEDORA
MISC
linux — linux_kernel A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. 2021-03-22 1.9 CVE-2021-28964
MISC
FEDORA
FEDORA
FEDORA
netflix — hollow In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated. 2021-03-23 3.6 CVE-2021-28099
MISC
netflix — priam Priam uses File.createTempFile, which gives the permissions on that file -rw-r–r–. An attacker with read access to the local filesystem can read anything written there by the Priam process. 2021-03-23 2.1 CVE-2021-28100
MISC
netgear — rbw30_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK854 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2021-03-23 3.3 CVE-2021-29082
MISC
open-emr — openemr In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. 2021-03-22 3.5 CVE-2021-25919
MISC
MISC
open-emr — openemr In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. 2021-03-22 3.5 CVE-2021-25918
MISC
MISC
open-emr — openemr In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit. 2021-03-22 3.5 CVE-2021-25921
MISC
MISC
open-emr — openemr In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. 2021-03-22 3.5 CVE-2021-25917
MISC
MISC
ovation — dynamic_content Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter. 2021-03-19 3.5 CVE-2021-3327
MISC
MISC
plone — plone A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the “form.widgets.site_title” parameter. 2021-03-24 3.5 CVE-2021-29002
MISC
seopanel — seo_panel A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the “report_type” parameter. 2021-03-25 3.5 CVE-2021-29010
MISC
seopanel — seo_panel A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the “type” parameter. 2021-03-25 3.5 CVE-2021-29009
MISC
seopanel — seo_panel A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the “to_time” parameter. 2021-03-25 3.5 CVE-2021-29008
MISC
sqlite — sqlite A flaw was found in SQLite’s SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. 2021-03-23 2.1 CVE-2021-20227
MISC
MISC
tenable — nessus_agent Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. 2021-03-19 2.1 CVE-2021-20077
MISC
typo3 — typo3 TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. 2021-03-23 3.5 CVE-2021-21370
CONFIRM
MISC
MISC
typo3 — typo3 TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1. 2021-03-23 3.5 CVE-2021-21358
CONFIRM
MISC
MISC
typo3 — typo3 TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 . 2021-03-23 3.5 CVE-2021-21340
CONFIRM
MISC
MISC

Back to top

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
389-ds-base — 389-ds-base When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. 2021-03-26 not yet calculated CVE-2020-35518
MISC
MISC
MISC
MISC
askey — fiber_router Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. 2021-03-26 not yet calculated CVE-2020-28695
MISC
basercms — basercms Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. 2021-03-26 not yet calculated CVE-2021-20681
MISC
MISC
basercms — basercms baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. 2021-03-26 not yet calculated CVE-2021-20682
MISC
MISC
basercms — basercms Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. 2021-03-26 not yet calculated CVE-2021-20683
MISC
MISC
bluemonday — bluemonday bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the “script” string. 2021-03-27 not yet calculated CVE-2021-29272
MISC
MISC
btcpay — server BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. 2021-03-26 not yet calculated CVE-2021-29249
MISC
MISC
ca — ehealth_performance_manager ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-03-26 not yet calculated CVE-2021-28250
MISC
ca — ehealth_performance_manager ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-03-26 not yet calculated CVE-2021-28246
MISC
ca — ehealth_performance_manager ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-03-26 not yet calculated CVE-2021-28247
MISC
ca — ehealth_performance_manager ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-03-26 not yet calculated CVE-2021-28248
MISC
ca — ehealth_performance_manager ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-03-26 not yet calculated CVE-2021-28249
MISC
canpack — canpack A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability. 2021-03-26 not yet calculated CVE-2021-20285
MISC
MISC
cisco — access_points_software A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that is stored on the system, which would allow the attacker to bypass existing protections. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. Note: To exploit this vulnerability, the attacker would need to have access to the development shell (devshell) on the device. 2021-03-24 not yet calculated CVE-2021-1449
CISCO
cisco — aironet_access_points A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device. 2021-03-24 not yet calculated CVE-2021-1423
CISCO
cisco — aironet_access_points A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition. 2021-03-24 not yet calculated CVE-2021-1439
CISCO
cisco — aironet_access_points A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP). 2021-03-24 not yet calculated CVE-2021-1437
CISCO
cisco — ios_ios_and_ios_xe_software A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because incorrect permissions are associated with the show cip security CLI command. An attacker could exploit this vulnerability by issuing the command to retrieve the password for CIP on an affected device. A successful exploit could allow the attacker to reconfigure the device. 2021-03-24 not yet calculated CVE-2021-1392
CISCO
cisco — ios_xe_sd-wan_software A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting arbitrary commands to a file as a lower-privileged user. The commands are then executed on the device by the root user. A successful exploit could allow the attacker to execute arbitrary commands as the root user. 2021-03-24 not yet calculated CVE-2021-1432
CISCO
cisco — ios_xe_sd-wan_software A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system. 2021-03-24 not yet calculated CVE-2021-1434
CISCO
cisco — ios_xe_sd-wan_software A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges. 2021-03-24 not yet calculated CVE-2021-1371
CISCO
cisco — ios_xe_sd-wan_software Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges. 2021-03-24 not yet calculated CVE-2021-1383
CISCO
cisco — ios_xe_sd-wan_software A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root privileges. 2021-03-24 not yet calculated CVE-2021-1382
CISCO
cisco — ios_xe_sd-wan_software A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2021-03-24 not yet calculated CVE-2021-1431
CISCO
cisco — ios_xe_sd-wan_software A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. The attacker must have a man-in-the-middle position between Cisco vManage and an associated device that is running an affected version of Cisco IOS XE SD-WAN Software. An exploit could allow the attacker to conduct a controllable buffer overflow attack (and possibly execute arbitrary commands as the root user) or cause a device reload, resulting in a denial of service (DoS) condition. 2021-03-24 not yet calculated CVE-2021-1433
CISCO
cisco — ios_xe_sd-wan_software A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. 2021-03-24 not yet calculated CVE-2021-1436
CISCO
cisco — ios_xe_sd-wan_software A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative user and executing a sequence of commands. A successful exploit could allow the attacker to obtain access to the underlying operating system as the root user. 2021-03-24 not yet calculated CVE-2021-1281
CISCO
cisco — ios_xe_sd-wan_software Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges. 2021-03-24 not yet calculated CVE-2021-1454
CISCO
cisco — ios_xe_software A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user. 2021-03-24 not yet calculated CVE-2021-1435
CISCO
cisco — ios_xe_software A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 2021-03-24 not yet calculated CVE-2021-1352
CISCO
cisco — ios_xe_software A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could exploit this vulnerability by running commands on the hardware platform to open a debugging console. A successful exploit could allow the attacker to access a debugging console. 2021-03-24 not yet calculated CVE-2021-1381
CISCO
cisco — ios_xe_software A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections in the web UI on an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the web UI to follow a crafted link. A successful exploit could allow the attacker to corrupt memory on the affected device, forcing it to reload and causing a DoS condition. 2021-03-24 not yet calculated CVE-2021-1403
CISCO
cisco — ios_xe_software A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege. 2021-03-24 not yet calculated CVE-2021-1391
CISCO
cisco — ios_xe_software A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to incorrect validations of specific function arguments that are passed to the boot script. An attacker could exploit this vulnerability by tampering with a specific file, which an affected device would process during the initial boot process. On systems that are protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device. 2021-03-24 not yet calculated CVE-2021-1398
CISCO
cisco — ios_xe_software A vulnerability in the Easy Virtual Switching System (VSS) feature of Cisco IOS XE Software for Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying Linux operating system of an affected device. The vulnerability is due to incorrect boundary checks of certain values in Easy VSS protocol packets that are destined for an affected device. An attacker could exploit this vulnerability by sending crafted Easy VSS protocol packets to UDP port 5500 while the affected device is in a specific state. When the crafted packet is processed, a buffer overflow condition may occur. A successful exploit could allow the attacker to trigger a denial of service (DoS) condition or execute arbitrary code with root privileges on the underlying Linux operating system of the affected device. 2021-03-24 not yet calculated CVE-2021-1451
CISCO
cisco — ios_xe_software A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a logic error that occurs when an affected device inspects certain DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through an affected device that is performing NAT for DNS packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability can be exploited only by traffic that is sent through an affected device via IPv4 packets. The vulnerability cannot be exploited via IPv6 traffic. 2021-03-24 not yet calculated CVE-2021-1446
CISCO
cisco — ios_xe_software A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are parsed from a specific configuration file. An attacker could exploit this vulnerability by tampering with a specific configuration file and then sending an API call. A successful exploit could allow the attacker to inject arbitrary code that would be executed on the underlying operating system of the affected device. To exploit this vulnerability, the attacker would need to have a privileged set of credentials to the device. 2021-03-24 not yet calculated CVE-2021-1443
CISCO
cisco — ios_xe_software A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of specific function arguments passed to a boot script when specific ROMMON variables are set. An attacker could exploit this vulnerability by setting malicious values for a specific ROMMON variable. A successful exploit could allow the attacker to execute unsigned code and bypass the image verification check during the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated, physical access to the device or obtain privileged access to the root shell on the device. 2021-03-24 not yet calculated CVE-2021-1452
CISCO
cisco — ios_xe_software A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated physical access to the device or obtain privileged access to the root shell on the device. 2021-03-24 not yet calculated CVE-2021-1453
CISCO
cisco — ios_xe_software A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits modification of the run-time memory of an affected device under specific circumstances. An attacker could exploit this vulnerability by authenticating to the affected device and issuing a specific diagnostic test command at the CLI. A successful exploit could trigger a logic error in the code that was designed to restrict run-time memory modifications. The attacker could take advantage of this logic error to overwrite system memory locations and execute arbitrary code on the underlying Linux operating system (OS) of the affected device. 2021-03-24 not yet calculated CVE-2021-1390
CISCO
cisco — ios_xe_software A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This vulnerability is due to incorrect processing of certain IPv4 TCP traffic that is destined to an affected device. An attacker could exploit this vulnerability by sending a large number of crafted TCP packets to the affected device. A successful exploit could allow the attacker to cause the web management interface to become unavailable, resulting in a DoS condition. Note: This vulnerability does not impact traffic that is going through the device or going to the Management Ethernet interface of the device. 2021-03-24 not yet calculated CVE-2021-1394
CISCO
cisco — ios_xe_software A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges could exploit this vulnerability by issuing the diagnostic CLI show pnp profile when a specific PnP listener is enabled on the device. A successful exploit could allow the attacker to obtain a privileged authentication token. This token can be used to send crafted PnP messages and execute privileged commands on the targeted system. 2021-03-24 not yet calculated CVE-2021-1442
CISCO
cisco — ios_xe_software A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages loaded onto IOx. An attacker could exploit this vulnerability by creating a crafted application .tar file and loading it onto the device. A successful exploit could allow the attacker to perform command injection into the underlying operating system as the root user. 2021-03-24 not yet calculated CVE-2021-1384
CISCO
cisco — ios_xe_software A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition. 2021-03-24 not yet calculated CVE-2021-1377
CISCO
cisco — ios_xe_software Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory. 2021-03-24 not yet calculated CVE-2021-1376
CISCO
cisco — ios_xe_software Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory. 2021-03-24 not yet calculated CVE-2021-1375
CISCO
cisco — ios_xe_software Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. 2021-03-24 not yet calculated CVE-2021-1356
CISCO
cisco — ios_xe_software Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. 2021-03-24 not yet calculated CVE-2021-1220
CISCO
cisco — ios_xe_software A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of parameters passed to a diagnostic script that is executed when the device boots up. An attacker could exploit this vulnerability by tampering with an executable file stored on a device. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need administrative level credentials (level 15) on the device. 2021-03-24 not yet calculated CVE-2021-1441
CISCO
cisco — ios_xe_wireless_controller A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by authenticating to the device as a high-privileged user, adding certain configurations with malicious code in one of its fields, and persuading another user to click on it. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. 2021-03-24 not yet calculated CVE-2021-1374
CISCO
cisco — ios_xe_wireless_controller A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. 2021-03-24 not yet calculated CVE-2021-1373
CISCO
cisco — iox_application_framework A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition. 2021-03-24 not yet calculated CVE-2021-1460
CISCO
cisco — jabber Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2021-03-24 not yet calculated CVE-2021-1417
CISCO
cisco — jabber Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2021-03-24 not yet calculated CVE-2021-1418
CISCO
cisco — jabber Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2021-03-24 not yet calculated CVE-2021-1471
CISCO
cisco — jabber Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2021-03-24 not yet calculated CVE-2021-1469
CISCO
cisco — jabber Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2021-03-24 not yet calculated CVE-2021-1411
CISCO
cisco — multiple_products A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system. 2021-03-24 not yet calculated CVE-2021-1385
CISCO
clienthello — clienthello An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 2021-03-25 not yet calculated CVE-2021-3449
MLIST
MLIST
MLIST
MLIST
CONFIRM
MISC
CONFIRM
CISCO
DEBIAN
CONFIRM
containernetworking/cni — containernetworking/cni An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the ‘type’ field in the network configuration, it is possible to use special elements such as “../” separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as ‘reboot’. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2021-03-26 not yet calculated CVE-2021-20206
MISC
MISC
esri — arcgis_server Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. 2021-03-25 not yet calculated CVE-2021-29094
CONFIRM
esri — arcgis_server A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. 2021-03-25 not yet calculated CVE-2021-29093
CONFIRM
esri — multiple_products A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. 2021-03-25 not yet calculated CVE-2021-29096
CONFIRM
forgerock — openam ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key. 2021-03-25 not yet calculated CVE-2021-29156
MISC
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. 2021-03-26 not yet calculated CVE-2020-25582
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped. 2021-03-26 not yet calculated CVE-2020-7467
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges. 2021-03-26 not yet calculated CVE-2020-7468
MISC
freebsd — freebsd In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. 2021-03-26 not yet calculated CVE-2020-7462
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes. 2021-03-26 not yet calculated CVE-2020-25581
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. 2021-03-26 not yet calculated CVE-2020-25578
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. 2021-03-26 not yet calculated CVE-2020-25579
MISC
freebsd — freebsd In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. 2021-03-26 not yet calculated CVE-2020-7461
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. 2021-03-26 not yet calculated CVE-2020-25580
MISC
freebsd — freebsd In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. 2021-03-26 not yet calculated CVE-2020-7463
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs. 2021-03-26 not yet calculated CVE-2020-7464
MISC
fuji — multiple_devices Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G, ApeosPort-VII C4421/C3321, ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G, ApeosPort-VII CP4421, ApeosPort Print C5570, ApeosPort 5570/4570/5570G/4570G, ApeosPort 3560/3060/2560/3560G/3060G/2560G, ApeosPort-VII 5021/ 4021, ApeosPort-VII P5021, DocuPrint CP 555 d/505 d, DocuPrint P505 d, PrimeLink C9065/C9070, DocuPrint CP475AP, and DocuPrint P475AP) allow an attacker to cause a denial of service (DoS) condition and abnormal end (ABEND) of the affected products via sending a specially crafted command. 2021-03-25 not yet calculated CVE-2021-20679
MISC
MISC
MISC
ge — mu320e The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). 2021-03-25 not yet calculated CVE-2021-27452
MISC
ge — mu320e A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1). 2021-03-25 not yet calculated CVE-2021-27448
MISC
ge — mu320e SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1). 2021-03-25 not yet calculated CVE-2021-27450
MISC
ge — reason_dr60 The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). 2021-03-25 not yet calculated CVE-2021-27438
MISC
ge — reason_dr60 The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). 2021-03-25 not yet calculated CVE-2021-27440
MISC
ge — reason_dr60 The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1). 2021-03-25 not yet calculated CVE-2021-27454
MISC
gitlab — gitlab In all versions of GitLab starting from 13.7, marshalled session keys were being stored in Redis. 2021-03-26 not yet calculated CVE-2021-22194
CONFIRM
MISC
gitlab — gitlab An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn’t properly redacted. 2021-03-26 not yet calculated CVE-2021-22184
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages. 2021-03-26 not yet calculated CVE-2021-22180
CONFIRM
MISC
MISC
gitlab — gitlab Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page 2021-03-26 not yet calculated CVE-2021-22172
CONFIRM
MISC
MISC
gnu — binutils A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. 2021-03-26 not yet calculated CVE-2021-20284
MISC
MISC
gnu — binutils There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. 2021-03-26 not yet calculated CVE-2021-20197
MISC
MISC
gnu — tar A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. 2021-03-26 not yet calculated CVE-2021-20193
MISC
MISC
MISC
grafana — enterprise Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. 2021-03-22 not yet calculated CVE-2021-27962
CONFIRM
MISC
MISC
MISC
CONFIRM
MISC
imagemagik — imagemagik A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45. 2021-03-26 not yet calculated CVE-2020-27829
MISC
MISC
jasper_project — jasper A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. 2021-03-25 not yet calculated CVE-2021-3467
MISC
FEDORA
jasper_project — jasper A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. 2021-03-25 not yet calculated CVE-2021-3443
MISC
kde — discover libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor ) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) 2021-03-20 not yet calculated CVE-2021-28117
MISC
CONFIRM
CONFIRM
MISC
kongchuanhujiao/server — kongchuanhujiao/server In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21. 2021-03-26 not yet calculated CVE-2021-21403
MISC
CONFIRM
librit — librit app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization. 2021-03-26 not yet calculated CVE-2021-3027
MISC
linux — linux_kernel A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. 2021-03-26 not yet calculated CVE-2020-35508
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. 2021-03-26 not yet calculated CVE-2021-29265
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. 2021-03-26 not yet calculated CVE-2021-29264
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0. 2021-03-26 not yet calculated CVE-2021-29266
MISC
MISC
mcafee — epolicy_orchestrator Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator’s entries were not correctly sanitized. 2021-03-26 not yet calculated CVE-2021-23889
CONFIRM
mcafee — epolicy_orchestrator Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server. This can only happen when the ePO Agent Handler is installed in a Demilitarized Zone (DMZ) to service machines not connected to the network through a VPN. 2021-03-26 not yet calculated CVE-2021-23890
CONFIRM
mcafee — epolicy_orchestrator Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user. 2021-03-26 not yet calculated CVE-2021-23888
CONFIRM
micro_focus — access_manager Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. 2021-03-26 not yet calculated CVE-2021-22506
MISC
micro_focus — access_manager Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. 2021-03-26 not yet calculated CVE-2020-25840
MISC
microseven — mym71080i-b_devices MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials. 2021-03-26 not yet calculated CVE-2021-29255
MISC
MISC
mifos-mobile — mifosx Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted any self-signed certificate as valid. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. Accepting any certificate, even self-signed ones allows man-in-the-middle attacks. This problem is fixed in mifos-mobile commit e505f62. 2021-03-24 not yet calculated CVE-2021-21385
MISC
CONFIRM
MISC
mulesoft — mulesoft MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021. 2021-03-26 not yet calculated CVE-2021-1628
MISC
mulesoft — mulesoft MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021. 2021-03-26 not yet calculated CVE-2021-1627
MISC
mulesoft — mulesoft MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021. 2021-03-26 not yet calculated CVE-2021-1626
MISC
nanopb — nanopb Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed. This has been fixed in versions 0.3.9.8 and 0.4.5. See referenced GitHub Security Advisory for more information including workarounds. 2021-03-23 not yet calculated CVE-2021-21401
MISC
MISC
MISC
CONFIRM
netop — vision_pro Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and passwords. 2021-03-25 not yet calculated CVE-2021-27194
MISC
netop — vision_pro Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients. 2021-03-25 not yet calculated CVE-2021-27192
MISC
netop — vision_pro Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an attacker to replay network traffic. 2021-03-25 not yet calculated CVE-2021-27195
MISC
netop — vision_pro Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation. 2021-03-25 not yet calculated CVE-2021-27193
MISC
nimble — nimble Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, “nimble refresh” fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. 2021-03-26 not yet calculated CVE-2021-21374
MISC
MISC
MISC
CONFIRM
nimble — nimble Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution. 2021-03-26 not yet calculated CVE-2021-21372
MISC
MISC
MISC
CONFIRM
nimble — nimble Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, “nimble refresh” fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. 2021-03-26 not yet calculated CVE-2021-21373
MISC
MISC
CONFIRM
nokia — netact An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim’s web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. 2021-03-25 not yet calculated CVE-2021-26596
MISC
MISC
nokia — netact An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. 2021-03-25 not yet calculated CVE-2021-26597
MISC
MISC
oauth2-proxy — oauth2-proxy OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `–gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn’t restricted. Additionally, any authenticated users had whichever groups were set in `–gitlab-group` added to the new `X-Forwarded-Groups` header to the upstream application. While adding GitLab project based authorization support in #630, a bug was introduced where the user session’s groups field was populated with the `–gitlab-group` config entries instead of pulling the individual user’s group membership from the GitLab Userinfo endpoint. When the session groups where compared against the allowed groups for authorization, they matched improperly (since both lists were populated with the same data) so authorization was allowed. This impacts GitLab Provider users who relies on group membership for authorization restrictions. Any authenticated users in your GitLab environment can access your applications regardless of `–gitlab-group` membership restrictions. This is patched in v7.1.0. There is no workaround for the Group membership bug. But `–gitlab-project` can be set to use Project membership as the authorization checks instead of groups; it is not broken. 2021-03-26 not yet calculated CVE-2021-21411
MISC
MISC
MISC
CONFIRM
MISC
openid — connect_server The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, have a JavaScript payload for resultant XSS). The issue can be exploited to bypass network boundaries, obtain sensitive data, or attack other hosts in the internal network. 2021-03-25 not yet calculated CVE-2021-26715
MISC
MISC
openssl — openssl The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a “purpose” has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named “purpose” values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). 2021-03-25 not yet calculated CVE-2021-3450
MLIST
MLIST
MLIST
MLIST
CONFIRM
MISC
CONFIRM
CISCO
CONFIRM
oria — gridx Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter. 2021-03-26 not yet calculated CVE-2020-19625
MISC
MISC
privoxy — privoxy A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. 2021-03-25 not yet calculated CVE-2021-20213
MISC
MISC
qemu — qemu The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. 2021-03-23 not yet calculated CVE-2021-3409
MISC
MISC
qemu — qemu A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object ‘req’ from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected. 2021-03-23 not yet calculated CVE-2021-3392
MISC
MISC
realtek — xpon_rtl9601D_sdk_devices Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands. 2021-03-25 not yet calculated CVE-2021-27372
MISC
red_hat — red_hat An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2021-03-24 not yet calculated CVE-2019-19354
MISC
MISC
MISC
red_hat — red_hat An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2021-03-24 not yet calculated CVE-2019-19349
MISC
MISC
red_hat — red_hat An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2021-03-24 not yet calculated CVE-2019-19350
MISC
MISC
remark42 — remark42 remark42 before 1.6.1 allows XSS, as demonstrated by “Locator: Locator{URL:” followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go. 2021-03-27 not yet calculated CVE-2021-29271
MISC
resteasy — resteasy A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method’s parameter value. The highest threat from this vulnerability is to data confidentiality. 2021-03-26 not yet calculated CVE-2021-20289
MISC
rocket.chat — rocket.chat Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app. 2021-03-26 not yet calculated CVE-2021-22886
MISC
MISC
MISC
rockwell_automation — micrologix Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user. 2021-03-25 not yet calculated CVE-2021-22659
MISC
MISC
rpm — rpm A flaw was found in RPM’s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. 2021-03-26 not yet calculated CVE-2021-20271
MISC
MISC
samsung — account Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. 2021-03-25 not yet calculated CVE-2021-25351
MISC
MISC
samsung — account Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log. 2021-03-25 not yet calculated CVE-2021-25350
MISC
CONFIRM
samsung — bixby_voice Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. 2021-03-25 not yet calculated CVE-2021-25352
MISC
CONFIRM
samsung — cloud Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. 2021-03-25 not yet calculated CVE-2021-25368
MISC
CONFIRM
samsung — galazy_themes Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent. 2021-03-25 not yet calculated CVE-2021-25353
MISC
CONFIRM
samsung — internet Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode’s authentication. 2021-03-25 not yet calculated CVE-2021-25366
MISC
CONFIRM
samsung — internet Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink. 2021-03-25 not yet calculated CVE-2021-25354
MISC
CONFIRM
samsung — multiple_products A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. 2021-03-26 not yet calculated CVE-2021-25371
MISC
CONFIRM
samsung — multiple_products An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. 2021-03-26 not yet calculated CVE-2021-25372
MISC
CONFIRM
samsung — multiple_products An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. 2021-03-26 not yet calculated CVE-2021-25370
MISC
CONFIRM
samsung — multiple_products An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. 2021-03-26 not yet calculated CVE-2021-25369
MISC
CONFIRM
samsung — notes Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent. 2021-03-25 not yet calculated CVE-2021-25355
MISC
CONFIRM
samsung — notes Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission. 2021-03-25 not yet calculated CVE-2021-25367
MISC
CONFIRM
samsung — slow_motion_editor Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent. 2021-03-25 not yet calculated CVE-2021-25349
MISC
CONFIRM
solarwinds — orion_platform SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page. 2021-03-26 not yet calculated CVE-2020-35856
CONFIRM
MISC
solarwinds — orion_platform The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. 2021-03-26 not yet calculated CVE-2021-3109
CONFIRM
MISC
synapse — synapse Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0. 2021-03-26 not yet calculated CVE-2021-21333
MISC
MISC
MISC
CONFIRM
synapse — synapse Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0. 2021-03-26 not yet calculated CVE-2021-21332
MISC
MISC
MISC
CONFIRM
tableau — server Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users. 2021-03-26 not yet calculated CVE-2021-1629
MISC
tibco — rendezvous The Windows Installation component of TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition, TIBCO ActiveSpaces – Developer Edition, and TIBCO ActiveSpaces – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition: versions 4.5.0 and below, TIBCO ActiveSpaces – Developer Edition: versions 4.5.0 and below, and TIBCO ActiveSpaces – Enterprise Edition: versions 4.5.0 and below. 2021-03-23 not yet calculated CVE-2021-28824
CONFIRM
tibco — rendezvous The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.’s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.’s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below. 2021-03-23 not yet calculated CVE-2021-28818
CONFIRM
tibco — rendezvous The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.’s TIBCO FTL – Community Edition: versions 6.5.0 and below, TIBCO FTL – Developer Edition: versions 6.5.0 and below, and TIBCO FTL – Enterprise Edition: versions 6.5.0 and below. 2021-03-23 not yet calculated CVE-2021-28820
CONFIRM
tibco — rendezvous The Windows Installation component of TIBCO Software Inc.’s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service – Community Edition, and TIBCO Enterprise Message Service – Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service – Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service – Developer Edition: versions 8.5.1 and below. 2021-03-23 not yet calculated CVE-2021-28821
CONFIRM
tibco — rendezvous The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.’s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service – Community Edition, and TIBCO Enterprise Message Service – Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.’s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service – Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service – Developer Edition: versions 8.5.1 and below. 2021-03-23 not yet calculated CVE-2021-28822
CONFIRM
tibco — rendezvous The Windows Installation component of TIBCO Software Inc.’s TIBCO eFTL – Community Edition, TIBCO eFTL – Developer Edition, and TIBCO eFTL – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO eFTL – Community Edition: versions 6.5.0 and below, TIBCO eFTL – Developer Edition: versions 6.5.0 and below, and TIBCO eFTL – Enterprise Edition: versions 6.5.0 and below. 2021-03-23 not yet calculated CVE-2021-28823
CONFIRM
tp-link — multiple_products Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization. 2021-03-26 not yet calculated CVE-2021-3275
MISC
MISC
FULLDISC
MISC
univerge — aspire_series_devices UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command. 2021-03-26 not yet calculated CVE-2021-20677
MISC
MISC
vscode-sass-lint — vscode-sass-lint ** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-03-22 not yet calculated CVE-2021-28956
MISC
MISC
MISC
MISC
wire-server — wire-server wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the `GET /users/list-clients` endpoint. The endpoint could be used by any logged in user who could request client details of any other user (no connection required) as far as they can find their User ID. The exposed metadata included id, class, type, location, time, and cookie. A user on a Wire backend could use this endpoint to find registration time and location for each device for a given list of users. As a workaround, remove `/list-clients` from nginx config. This has been fixed in version 2021-03-02. 2021-03-26 not yet calculated CVE-2021-21396
MISC
MISC
CONFIRM
wordpress — wordpress BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it’s possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue. 2021-03-26 not yet calculated CVE-2021-21389
MISC
MISC
CONFIRM

Apple Releases Security Updates 

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

03/26/2021 04:40 PM EDT
Original release date: March 26, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

•    watchOS 7.3.3
•    iOS 12.5.2
•    iOS 14.4.2 and iPadOS 14.4.2

This product is provided subject to this Notification and this Privacy & Use policy.

OpenSSL Releases Security Update

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

OpenSSL Releases Security Update

03/26/2021 11:27 AM EDT
Original release date: March 26, 2021

OpenSSL has released a security update to address vulnerabilities affecting versions 1.1.1–1.1.1j. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Samba Releases Security Updates

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

Samba Releases Security Updates

03/25/2021 11:32 AM EDT
Original release date: March 25, 2021

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Samba Security Announcements for CVE-2020-27840 and CVE-2021-20277 and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to National Cyber Awareness System Current Activity for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

03/25/2021 11:30 AM EDT
Original release date: March 25, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Webshells Observed in Post-Compromised Exchange Servers  

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

03/25/2021 08:45 AM EDT
Original release date: March 25, 2021

CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each new MAR (AR21-084A and AR21-084B) identifies a webshell observed in post-compromised Microsoft Exchange Servers. After successful exploiting a Microsoft Exchange Server vulnerability for initial accesses, a malicious cyber actor can upload a webshell to enable remote administration of the affected system.

CISA has also updated seven previously released MARs. The updated MARs now include CISA-developed YARA rules to help network defenders detect associated malware.

CISA encourages users and administrators to review the following resources for more information:

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to National Cyber Awareness System Current Activity for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

03/24/2021 10:41 AM EDT
Original release date: March 24, 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 87, Firefox ESR 78.9, and Thunderbird 78.9.

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Updates for ColdFusion

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to National Cyber Awareness System Current Activity for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

03/23/2021 09:51 AM EDT
Original release date: March 23, 2021

Adobe has released security updates to address a vulnerability affecting ColdFusion. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Adobe Security Bulletin APSB21-16 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerability Summary for the Week of March 15, 2021

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to National Cyber Awareness System Bulletins for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

03/22/2021 07:26 AM EDT
Original release date: March 22, 2021

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — creative_cloud_desktop_application Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. 2021-03-12 9.3 CVE-2021-21069
MISC
MISC
adobe — framemaker Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 9.3 CVE-2021-21056
MISC
MISC
adobe — photoshop_2020 Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 9.3 CVE-2021-21067
MISC
dell — supportassist_client_promanage Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. 2021-03-12 7.2 CVE-2021-21518
CONFIRM
diesel_project — diesel An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed. 2021-03-12 7.5 CVE-2021-28305
MISC
domainmod — domainmod DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality. 2021-03-15 7.5 CVE-2020-35358
MISC
gnu — gnutls A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. 2021-03-12 7.5 CVE-2021-20231
MISC
MISC
gnu — gnutls A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. 2021-03-12 7.5 CVE-2021-20232
MISC
MISC
ibm — security_guardium IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802.. 2021-03-15 7.5 CVE-2020-4184
XF
CONFIRM
kill-process-by-name_project — kill-process-by-name This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. 2021-03-15 7.5 CVE-2021-23356
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. 2021-03-15 7.2 CVE-2021-28375
MISC
FEDORA
FEDORA
FEDORA
MISC
mcafee — endpoint_product_removal_tool Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location. 2021-03-15 7.2 CVE-2021-23879
CONFIRM
ps-kill_project — ps-kill This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC (provided by reporter): var ps_kill = require(‘ps-kill’); ps_kill.kill(‘$(touch success)’,function(){}); 2021-03-15 7.5 CVE-2021-23355
MISC
qualcomm — apq8009_firmware Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 7.5 CVE-2020-11227
CONFIRM
rabbitmq — jms_client JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data. 2021-03-12 7.5 CVE-2020-36282
MISC
MISC
MISC
MISC
shopxo — shopxo A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix. 2021-03-15 7.5 CVE-2021-27817
MISC
MISC
sonicwall — sma100_firmware A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a ‘nobody’ user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. 2021-03-13 9 CVE-2021-20017
CONFIRM
synology — diskstation_manager Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. 2021-03-12 7.5 CVE-2021-27646
CONFIRM
MISC
synology — diskstation_manager Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. 2021-03-12 7.5 CVE-2021-27647
CONFIRM
zzzcms — zzzphp A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass. 2021-03-15 7.5 CVE-2020-24877
MISC

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adaltas — printf The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity. 2021-03-12 5 CVE-2021-23354
CONFIRM
CONFIRM
CONFIRM
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 5.8 CVE-2021-21073
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 5.8 CVE-2021-21072
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 6.8 CVE-2021-21071
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 6.8 CVE-2021-21077
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 5.8 CVE-2021-21074
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 5.8 CVE-2021-21075
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 5.8 CVE-2021-21076
MISC
adobe — connect Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim’s browser when they browse to the page containing the vulnerable field. 2021-03-12 4.3 CVE-2021-21079
MISC
adobe — connect Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim’s browser when they browse to the page containing the vulnerable field. 2021-03-12 4.3 CVE-2021-21080
MISC
adobe — connect Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account. 2021-03-12 6.8 CVE-2021-21085
MISC
adobe — creative_cloud_desktop_application Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction 2021-03-12 4.4 CVE-2021-21078
MISC
adobe — creative_cloud_desktop_application Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction. 2021-03-12 4.4 CVE-2021-21068
MISC
adobe — photoshop Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 6.8 CVE-2021-21082
MISC
canonical — courier-authlib The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user’s existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash). 2021-03-15 5 CVE-2021-28374
MISC
cloudera — data_engineering In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. 2021-03-15 4 CVE-2021-3167
MISC
MISC
MISC
cryptshare — cryptshare_server A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1 2021-03-15 4.3 CVE-2021-3150
MISC
dogtagpki — dogtagpki A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. 2021-03-15 5.5 CVE-2021-20179
MISC
MISC
MISC
MISC
MISC
MISC
FEDORA
FEDORA
FEDORA
eclipse — theia In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected. 2021-03-12 4.3 CVE-2021-28161
CONFIRM
eclipse — theia In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run. 2021-03-12 4.3 CVE-2021-28162
CONFIRM
fltk_project — fltk An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon. 2021-03-12 5 CVE-2021-28307
MISC
fltk_project — fltk An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of bounds read because the pixmap constructor lacks pixmap input validation. 2021-03-12 6.4 CVE-2021-28308
MISC
fltk_project — fltk An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent. 2021-03-12 5 CVE-2021-28306
MISC
getgrav — grav_cms The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF). 2021-03-15 5.1 CVE-2020-29553
MISC
ibm — api_connect IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536. 2021-03-15 4 CVE-2021-20440
XF
CONFIRM
ibm — datapower_gateway IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965. 2021-03-12 5 CVE-2020-4831
XF
CONFIRM
is-svg_project — is-svg The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. 2021-03-12 5 CVE-2021-28092
MISC
MISC
MISC
leptonica — leptonica Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. 2021-03-12 5 CVE-2020-36281
MISC
MISC
MISC
leptonica — leptonica Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. 2021-03-12 5 CVE-2020-36278
MISC
MISC
MISC
leptonica — leptonica Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. 2021-03-12 5 CVE-2020-36279
MISC
MISC
MISC
leptonica — leptonica Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. 2021-03-12 5 CVE-2020-36280
MISC
MISC
MISC
linuxfoundation — argo-cd An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header. 2021-03-15 4.3 CVE-2021-26924
MISC
MISC
linuxfoundation — argo-cd An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication. 2021-03-15 5 CVE-2021-26923
MISC
MISC
mendix — forgot_password A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts. 2021-03-15 6.5 CVE-2021-25672
CONFIRM
msgpack5_project — msgpack5 msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a “Prototype Poisoning” vulnerability. When msgpack5 decodes a map containing a key “__proto__”, it assigns the decoded value to __proto__. Object.prototype.__proto__ is an accessor property for the receiver’s prototype. If the value corresponding to the key __proto__ decodes to an object or null, msgpack5 sets the decoded object’s prototype to that value. An attacker who can submit crafted MessagePack data to a service can use this to produce values that appear to be of other types; may have unexpected prototype properties and methods (for example length, numeric properties, and push et al if __proto__’s value decodes to an Array); and/or may throw unexpected exceptions when used (for example if the __proto__ value decodes to a Map or Date). Other unexpected behavior might be produced for other types. There is no effect on the global prototype. This “prototype poisoning” is sort of a very limited inversion of a prototype pollution attack. Only the decoded value’s prototype is affected, and it can only be set to msgpack5 values (though if the victim makes use of custom codecs, anything could be a msgpack5 value). We have not found a way to escalate this to true prototype pollution (absent other bugs in the consumer’s code). This has been fixed in msgpack5 version 3.6.1, 4.5.1, and 5.2.1. See the referenced GitHub Security Advisory for an example and more details. 2021-03-12 6.5 CVE-2021-21368
MISC
MISC
MISC
MISC
CONFIRM
MISC
mybb — mybb SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3). 2021-03-15 6.5 CVE-2021-27946
MISC
mybb — mybb Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. 2021-03-15 4.3 CVE-2021-27889
MISC
mybb — mybb Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools. 2021-03-15 4.3 CVE-2021-27949
MISC
mybb — mybb SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3). 2021-03-15 6.5 CVE-2021-27948
MISC
mybb — mybb SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3). 2021-03-15 6.5 CVE-2021-27947
MISC
myvestacp — myvesta web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. 2021-03-15 6.8 CVE-2021-28379
MISC
MISC
ntt-tx — magicconnect Untrusted search path vulnerability in Installer of MagicConnect Client program distributed before 2021 March 1 allows an attacker to gain privileges and via a Trojan horse DLL in an unspecified directory and to execute arbitrary code with the privilege of the user invoking the installer when a terminal is connected remotely using Remote desktop. 2021-03-12 6.8 CVE-2021-20674
MISC
MISC
openmaint — openmaint Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any “Add” sections, such as Add Card Building & Floor, or others in the Name and Code Parameters. 2021-03-15 4.3 CVE-2021-27695
MISC
MISC
pupnp_project — pupnp A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash. 2021-03-12 5 CVE-2021-28302
MISC
qualcomm — apq8009_firmware Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 5 CVE-2020-11226
CONFIRM
qualcomm — apq8009_firmware Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 6.4 CVE-2020-11189
CONFIRM
qualcomm — apq8009_firmware Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 6.4 CVE-2020-11190
CONFIRM
qualcomm — apq8017_firmware Buffer over read while processing MT SMS with maximum length due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile 2021-03-17 6.4 CVE-2020-11222
CONFIRM
qualcomm — apq8017_firmware Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-03-17 5 CVE-2020-11218
CONFIRM
qualcomm — aqt1000_firmware Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-03-17 4.6 CVE-2020-11228
CONFIRM
qualcomm — aqt1000_firmware While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-03-17 4.4 CVE-2020-11220
CONFIRM
qualcomm — aqt1000_firmware Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2021-03-17 4.4 CVE-2020-11230
CONFIRM
siemens — logo\!_8_bm_firmware A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset. 2021-03-15 4.9 CVE-2020-25236
CONFIRM
siemens — ruggedcom_rm1224_firmware A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. 2021-03-15 5 CVE-2021-25676
CONFIRM
siemens — ruggedcom_rm1224_firmware A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3), SCALANCE M-800 (All versions >= V4.3), SCALANCE S615 (All versions >= V4.3), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE X300WG (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XR500 (All versions < V6.2), SCALANCE Xx200 Family (All versions < V4.1). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active. 2021-03-15 5.8 CVE-2021-25667
CONFIRM
siemens — simatic_mv440_sr_firmware A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions. 2021-03-15 5 CVE-2020-25241
CONFIRM
siemens — simatic_s7-plcsim A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, the application could enter an infinite loop, become unresponsive and must be restarted to restore the service. 2021-03-15 4.9 CVE-2021-25673
CONFIRM
siemens — sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unpriviledged users can access services when guessing the url. An attacker could impact availability, integrity and gain information from logs and templates of the service. 2021-03-15 6.5 CVE-2020-25240
CONFIRM
siemens — sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivilege user rights. 2021-03-15 6.5 CVE-2020-25239
CONFIRM
siemens — solid_edge A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532) 2021-03-15 6.8 CVE-2021-27380
CONFIRM
siemens — solid_edge A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12534) 2021-03-15 6.8 CVE-2021-27381
CONFIRM
siemens — solid_edge A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049) 2021-03-15 6.8 CVE-2020-28385
CONFIRM
siemens — solid_edge A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923) 2021-03-15 4.3 CVE-2020-28387
CONFIRM
sonicwall — sma100_firmware A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. 2021-03-13 4 CVE-2021-20018
CONFIRM
spdk — storage_performance_development_kit An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference. 2021-03-13 5 CVE-2021-28361
MISC
ssri_project — ssri ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. 2021-03-12 4.3 CVE-2021-27290
MISC
MISC
MISC
synology — diskstation_manager Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. 2021-03-12 6.8 CVE-2021-26569
CONFIRM
MISC
tt-rss — tiny_tiny_rss The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear to exist, but are automatically generated from the year and month. They are not releases. 2021-03-13 5 CVE-2021-28373
MISC
MISC
tyk — tyk All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this value is then used to create a file on disk. If there is a file found with the same name then it will be deleted and then re-created with the contents of the API creation request. 2021-03-15 4.6 CVE-2021-23357
MISC
MISC
xilinx — zynq-7000s_firmware When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification to the Zynq-7000 device is needed to replace the original nand flash memory with a nand flash emulator for this attack to be successful. 2021-03-15 4.6 CVE-2021-27208
MISC
MISC
MISC
zohocorp — manageengine_servicedesk_plus Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). 2021-03-13 6.5 CVE-2020-35682
MISC

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
gitea — gitea Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations. 2021-03-15 3.5 CVE-2021-28378
MISC
MISC
qualcomm — apq8009_firmware HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-03-17 2.1 CVE-2020-11199
CONFIRM
qualcomm — apq8009_firmware Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-03-17 2.1 CVE-2020-11221
CONFIRM
siemens — simatic_s7-plcsim A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer deference condition could cause the application to terminate unexpectedly and must be restarted to restore the service. 2021-03-15 2.1 CVE-2021-25674
CONFIRM
siemens — simatic_s7-plcsim A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly and must be restarted to restore the service. 2021-03-15 2.1 CVE-2021-25675
CONFIRM
zte — zxone_9700_firmware Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>; 2021-03-12 2.1 CVE-2021-21726
MISC

Back to top

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
wordpress — wordpress Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks. 2021-03-18 not yet calculated CVE-2021-24141
CONFIRM
acexy — wireless-n_wifi_repeater_rev_1.0 Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page (“Repeater Wizard” homepage section). 2021-03-18 not yet calculated CVE-2021-28160
MISC
MISC
advantech — spectra_rt_ert351_routers Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. 2021-03-17 not yet calculated CVE-2019-18235
MISC
MISC
advantech — spectra_rt_ert351_routers In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. 2021-03-17 not yet calculated CVE-2019-18233
MISC
MISC
advantech — spectra_rt_ert351_routers Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request. 2021-03-17 not yet calculated CVE-2019-18231
MISC
MISC
advantech — webaccess/scada WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. 2021-03-18 not yet calculated CVE-2021-27436
MISC
aimeos — aimeos The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account. 2021-03-16 not yet calculated CVE-2021-28380
MISC
apache — ambari In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. 2021-03-17 not yet calculated CVE-2020-13924
CONFIRM
apache — hive Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8 2021-03-16 not yet calculated CVE-2020-1926
CONFIRM
CONFIRM
apache — openmeetings If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0 2021-03-15 not yet calculated CVE-2021-27576
CONFIRM
apache — pdfbox A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. 2021-03-19 not yet calculated CVE-2021-27906
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
MLIST
apache — pdfbox A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. 2021-03-19 not yet calculated CVE-2021-27807
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
apicast — apicast A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue. 2021-03-18 not yet calculated CVE-2019-14852
MISC
busybox — busybox decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. 2021-03-19 not yet calculated CVE-2021-28831
MISC
cairo — image-compositor A flaw was found in cairo’s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo’s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. 2021-03-18 not yet calculated CVE-2020-35492
MISC
cisco — rv134W_vdsl2_wireless-ac_vpn_routers A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. 2021-03-18 not yet calculated CVE-2021-1287
CISCO
concrete — cms Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. 2021-03-18 not yet calculated CVE-2021-28145
CONFIRM
MISC
cybozu — office Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20626
MISC
MISC
cybozu — office Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20634
MISC
MISC
cybozu — office Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox. 2021-03-18 not yet calculated CVE-2021-20628
MISC
MISC
cybozu — office Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20632
MISC
MISC
cybozu — office Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20627
MISC
MISC
cybozu — office Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20629
MISC
MISC
cybozu — office Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20624
MISC
MISC
cybozu — office Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20625
MISC
MISC
cybozu — office Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20630
MISC
MISC
cybozu — office Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20631
MISC
MISC
cybozu — office Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20633
MISC
MISC
eic — e-document_system EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends. 2021-03-17 not yet calculated CVE-2021-22860
CONFIRM
CONFIRM
CONFIRM
eic — e-document_system The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege. 2021-03-17 not yet calculated CVE-2021-22859
CONFIRM
CONFIRM
CONFIRM
eslint-fixer — eslint-fixer ** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted. 2021-03-19 not yet calculated CVE-2021-26275
MISC
MISC
exacq_technologies — exacqvision A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system. 2021-03-18 not yet calculated CVE-2021-27656
CERT
CONFIRM
expressionengine — expressionengine ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. 2021-03-15 not yet calculated CVE-2021-27230
MISC
MISC
MISC
MISC
MISC
fabric8 — kubernetes-client A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2 2021-03-16 not yet calculated CVE-2021-20218
MISC
MISC
faststone — image_viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. 2021-03-18 not yet calculated CVE-2021-26235
MISC
faststone — image_viewer FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, ‘BitCount’ file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file. 2021-03-18 not yet calculated CVE-2021-26236
MISC
MISC
MISC
faststone — image_viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. 2021-03-18 not yet calculated CVE-2021-26234
MISC
faststone — image_viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. 2021-03-18 not yet calculated CVE-2021-26233
MISC
faststone — image_viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. 2021-03-18 not yet calculated CVE-2021-26237
MISC
fedoraproject — fedora Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode), Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the active consent of the user. By default, elementary OS doesn’t expose any services via Bluetooth that allow information to be extracted by paired Bluetooth devices. However, if such services (i.e. contact list sharing software) have been installed, it’s possible that attackers have been able to extract data from such services without authorization. If no such services have been installed, attackers are only able to pair with a device running an affected version without authorization and then play audio out of the device or possibly present a HID device (keyboard, mouse, etc…) to control the device. As such, users should check the list of trusted/paired devices and remove any that are not 100% confirmed to be genuine. This is fixed in version 2.3.5. To reduce the likelihood of this vulnerability on an unpatched version, only open the Bluetooth plug for short intervals when absolutely necessary and preferably not in crowded public areas. To mitigate the risk entirely with unpatched versions, do not open the Bluetooth plug within switchboard at all, and use a different method for pairing devices if necessary (e.g. `bluetoothctl` CLI). 2021-03-12 not yet calculated CVE-2021-21367
MISC
MISC
CONFIRM
FEDORA
FEDORA
FEDORA
fedoraproject — glib autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file’s parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241. 2021-03-17 not yet calculated CVE-2021-28650
MISC
FEDORA
fluxbb — fluxbb Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server. 2021-03-17 not yet calculated CVE-2020-28873
MISC
MISC
ftapi — ftapi FTAPI 4.0 – 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component. 2021-03-19 not yet calculated CVE-2021-25277
MISC
MISC
ftapi — ftapi FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor. 2021-03-19 not yet calculated CVE-2021-25278
MISC
MISC
fudforum — fudforum A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the “author” parameter. 2021-03-19 not yet calculated CVE-2021-27520
MISC
fudforum — fudforum A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the “srch” parameter. 2021-03-19 not yet calculated CVE-2021-27519
MISC
fujitsu — serverview_suite_irmc Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages. 2021-03-17 not yet calculated CVE-2020-17457
CONFIRM
MISC
google — chrome Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-16 not yet calculated CVE-2021-21192
MISC
MISC
google — chrome Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-16 not yet calculated CVE-2021-21191
MISC
MISC
google — chrome Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-16 not yet calculated CVE-2021-21193
MISC
MISC
grafana — grafana The snapshot feature in Grafana before 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. 2021-03-18 not yet calculated CVE-2021-27358
CONFIRM
CONFIRM
grav — grav_cms The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) 2021-03-15 not yet calculated CVE-2020-29555
MISC
grav — grav_cms The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) 2021-03-15 not yet calculated CVE-2020-29556
MISC
hamilton_medical — t1-ventillators In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface’s logs to get valid checksums for tampered configuration files. 2021-03-15 not yet calculated CVE-2020-27290
MISC
hamilton_medical — t1-ventillators In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files. 2021-03-15 not yet calculated CVE-2020-27282
MISC
hamilton_medical — t1-ventillators In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface. 2021-03-15 not yet calculated CVE-2020-27278
MISC
hgiga — mailsherlock HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege. 2021-03-18 not yet calculated CVE-2021-22848
MISC
http-proxy-agent — http-proxy-agent A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. 2021-03-19 not yet calculated CVE-2019-10196
MISC
MISC
ibm — resillent_soar IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. 2021-03-19 not yet calculated CVE-2020-4635
XF
CONFIRM
ibm — spectrum_scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450. 2021-03-16 not yet calculated CVE-2020-4851
XF
CONFIRM
ibm — spectrum_scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973. 2021-03-16 not yet calculated CVE-2020-4890
XF
CONFIRM
ibm — spectrum_scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974. 2021-03-16 not yet calculated CVE-2020-4891
XF
CONFIRM
it-recht — kanzlei The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection. 2021-03-19 not yet calculated CVE-2020-6577
MISC
MISC
jenkins — jenkins Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. 2021-03-18 not yet calculated CVE-2021-21626
MLIST
CONFIRM
jenkins — jenkins A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. 2021-03-18 not yet calculated CVE-2021-21627
MLIST
CONFIRM
jenkins — jenkins Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances. 2021-03-18 not yet calculated CVE-2021-21625
MLIST
CONFIRM
jenkins — jenkins An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. 2021-03-18 not yet calculated CVE-2021-21624
MLIST
CONFIRM
jenkins — jenkins An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. 2021-03-18 not yet calculated CVE-2021-21623
MLIST
CONFIRM
jetbrains — phpstorm In JetBrains PhpStorm before 2020.3, source code could be added to debug logs. 2021-03-18 not yet calculated CVE-2021-25764
MISC
MISC
kde — kde libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor ) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) 2021-03-20 not yet calculated CVE-2021-28117
MISC
CONFIRM
CONFIRM
MISC
kong — gateway An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT. 2021-03-18 not yet calculated CVE-2021-27306
MISC
MISC
kramdown — kramdown Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. 2021-03-19 not yet calculated CVE-2021-28834
MISC
MISC
MISC
libnbd — libnbd A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service. 2021-03-15 not yet calculated CVE-2021-20286
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. 2021-03-20 not yet calculated CVE-2020-27171
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. 2021-03-20 not yet calculated CVE-2021-28951
MISC
linux — linux_kernel An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A “stall on CPU” can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. 2021-03-20 not yet calculated CVE-2021-28950
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) 2021-03-20 not yet calculated CVE-2021-28952
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. 2021-03-20 not yet calculated CVE-2020-27170
MISC
MISC
MISC
linux — linux_kernel rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. 2021-03-17 not yet calculated CVE-2021-28660
MISC
FEDORA
m-system — dl8_series M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to bypass access restriction and conduct prohibited operations via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20676
MISC
MISC
m-system — dl8_series M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to cause a denial of service (DoS) condition via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20675
MISC
MISC
mariadb — mariadb A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. 2021-03-19 not yet calculated CVE-2021-27928
MISC
MISC
MISC
MISC
MISC
MISC
mediainfo — medianinfo Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. 2021-03-18 not yet calculated CVE-2020-26797
MISC
mikrotik — routeros ** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor’s position is that this is intended behavior because of how user policies work. 2021-03-19 not yet calculated CVE-2021-27221
MISC
minio — minio MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk + thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround one can avoid using “aws-chunked” encoding-based chunk signature upload requests instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS. 2021-03-19 not yet calculated CVE-2021-21390
MISC
MISC
CONFIRM
moodle — moodle The web service responsible for fetching other users’ enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 2021-03-15 not yet calculated CVE-2021-20283
MISC
FEDORA
MISC
moodle — moodle When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 2021-03-15 not yet calculated CVE-2021-20282
MISC
FEDORA
MISC
moodle — moodle Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 2021-03-15 not yet calculated CVE-2021-20280
MISC
FEDORA
MISC
moodle — moodle A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role. 2021-03-19 not yet calculated CVE-2019-14828
MISC
moodle — moodle A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum’s subscription mode was set to “forced subscription”, the forum’s subscribe link contained an open redirect. 2021-03-19 not yet calculated CVE-2019-14831
MISC
MISC
moodle — moodle It was possible for some users without permission to view other users’ full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 2021-03-15 not yet calculated CVE-2021-20281
MISC
FEDORA
MISC
moodle — moodle A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user’s mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is “via the app”). 2021-03-19 not yet calculated CVE-2019-14830
MISC
MISC
moodle — moodle A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode. 2021-03-19 not yet calculated CVE-2019-14829
MISC
MISC
moodle — moodle The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 2021-03-15 not yet calculated CVE-2021-20279
MISC
FEDORA
MISC
mvfst — mvfst A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00. 2021-03-15 not yet calculated CVE-2021-24029
CONFIRM
CONFIRM
mybb — mybb SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files. 2021-03-15 not yet calculated CVE-2021-27890
MISC
mydbr — mydbr myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS. 2021-03-15 not yet calculated CVE-2020-28149
MISC
nats — server_and_jwt_library NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. 2021-03-16 not yet calculated CVE-2021-3127
MISC
nbdkit — nbdkit A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side. 2021-03-18 not yet calculated CVE-2019-14850
MISC
MISC
nbdkit — nbdkit A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1. 2021-03-18 not yet calculated CVE-2019-14851
MISC
MISC
nessus — agent Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. 2021-03-19 not yet calculated CVE-2021-20077
MISC
netapp — cloud_manager Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). 2021-03-19 not yet calculated CVE-2021-26992
MISC
netapp — cloud_manager Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. 2021-03-19 not yet calculated CVE-2021-26991
MISC
netapp — cloud_manager Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. 2021-03-19 not yet calculated CVE-2021-26990
MISC
netapp — multiple_products Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. 2021-03-15 not yet calculated CVE-2021-26987
CONFIRM
openshift — builder A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before. 2021-03-16 not yet calculated CVE-2021-3344
MISC
openshift — container_platform A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high. 2021-03-19 not yet calculated CVE-2019-10200
MISC
MISC
openshift — container_platform A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn’t sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files. 2021-03-19 not yet calculated CVE-2019-10225
MISC
openvswitch — openvswitch A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. 2021-03-18 not yet calculated CVE-2020-27827
MISC
MISC
ovation — dynamic_content Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter. 2021-03-19 not yet calculated CVE-2021-3327
MISC
MISC
paid_memberships_pro — paid_memberships_pro SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20678
MISC
MISC
MISC
patchmerge — patchmerge Prototype pollution vulnerability in ‘patchmerge’ versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. 2021-03-16 not yet calculated CVE-2021-25916
MISC
MISC
pillow — pillow An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. 2021-03-19 not yet calculated CVE-2021-25291
MISC
pillow — pillow An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. 2021-03-19 not yet calculated CVE-2021-25289
MISC
pillow — pillow An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. 2021-03-19 not yet calculated CVE-2021-25293
MISC
pillow — pillow An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. 2021-03-19 not yet calculated CVE-2021-25292
MISC
pillow — pillow An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. 2021-03-19 not yet calculated CVE-2021-25290
MISC
pion — webrtc Pion WebRTC before 3.0.15 didn’t properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn’t allow the user to continue if verification has failed.) 2021-03-18 not yet calculated CVE-2021-28681
MISC
MISC
port-killer — port-killer This affects all versions of package port-killer. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. 2021-03-18 not yet calculated CVE-2021-23359
MISC
MISC
portainer — portainer Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover. 2021-03-16 not yet calculated CVE-2020-24264
MISC
portainer — portainer Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. 2021-03-16 not yet calculated CVE-2020-24263
MISC
postgresql — postgresql A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. 2021-03-19 not yet calculated CVE-2019-10128
MISC
MISC
postgresql — postgresql A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files. 2021-03-19 not yet calculated CVE-2019-10127
MISC
MISC
pulse_secure — psa5000_and_psa7000_models A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device. 2021-03-16 not yet calculated CVE-2021-22887
MISC
MISC
pygments — pygments In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. 2021-03-17 not yet calculated CVE-2021-27291
MISC
MISC
MLIST
qemu — qemu A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. 2021-03-18 not yet calculated CVE-2021-3416
MISC
MISC
qiita — markdown Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. 2021-03-18 not yet calculated CVE-2021-28796
MISC
quadbase — espressreports An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads. 2021-03-15 not yet calculated CVE-2020-24985
MISC
quadbase — expressdashboard An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account. 2021-03-15 not yet calculated CVE-2020-24982
MISC
qualcomm — multiple_snapdragon_products Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 not yet calculated CVE-2020-11188
CONFIRM
qualcomm — multiple_snapdragon_products Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 2021-03-17 not yet calculated CVE-2020-11186
CONFIRM
qualcomm — multiple_snapdragon_products Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-03-17 not yet calculated CVE-2020-11308
CONFIRM
qualcomm — multiple_snapdragon_products Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 not yet calculated CVE-2020-11192
CONFIRM
qualcomm — multiple_snapdragon_products Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 not yet calculated CVE-2020-11166
CONFIRM
qualcomm — multiple_snapdragon_products Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 not yet calculated CVE-2020-11309
CONFIRM
qualcomm — multiple_snapdragon_products Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 not yet calculated CVE-2020-11171
CONFIRM
qualcomm — multiple_snapdragon_products Integer overflow in boot due to improper length check on arguments received in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music 2021-03-17 not yet calculated CVE-2020-11305
CONFIRM
qualcomm — multiple_snapdragon_products Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 not yet calculated CVE-2020-11299
CONFIRM
qualcomm — multiple_snapdragon_products Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2021-03-17 not yet calculated CVE-2020-11290
CONFIRM
red_hat — quay A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user’s container repository. Red Hat Quay 2 and 3 are vulnerable to this issue. 2021-03-18 not yet calculated CVE-2019-3867
MISC
red_hat — red_hat It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue. 2021-03-16 not yet calculated CVE-2019-3897
MISC
red_hat — red_hat If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism. 2021-03-15 not yet calculated CVE-2021-3418
MISC
redash — redash Redash 8.0.0 is affected by LDAP Injection. There is an authentication bypass and information leak through the crafting of special queries, escaping the provided template because the ldap_user = auth_ldap_user(request.form[“email”], request.form[“password”]) auth_ldap_user(username, password) settings.LDAP_SEARCH_TEMPLATE % {“username”: username} code lacks sanitization. 2021-03-18 not yet calculated CVE-2020-36144
MISC
MISC
rockwell_automation — drivetools_sp Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system. 2021-03-18 not yet calculated CVE-2021-22665
MISC
MISC
rockwell_automation — factorytalk_services_platform In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly. 2021-03-18 not yet calculated CVE-2020-14516
MISC
schema-inspector — schema-inspector Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn’t vulnerable to ReDoS. 2021-03-19 not yet calculated CVE-2021-21267
MISC
CONFIRM
MISC
seeddms — seeddms SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php. 2021-03-18 not yet calculated CVE-2021-26215
MISC
MISC
seeddms — seeddms SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php. 2021-03-18 not yet calculated CVE-2021-26216
MISC
MISC
seo — panel The “order_col” parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. 2021-03-18 not yet calculated CVE-2021-28419
MISC
seo — panel A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the “search_name” parameter. 2021-03-18 not yet calculated CVE-2021-28417
MISC
seo — panel A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the “category” parameter. 2021-03-18 not yet calculated CVE-2021-28418
MISC
seo — panel A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the “from_time” parameter. 2021-03-18 not yet calculated CVE-2021-28420
MISC
shadow — shadow The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM’s nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. 2021-03-17 not yet calculated CVE-2017-20002
MISC
MISC
MLIST
shescape — shescape shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required. 2021-03-19 not yet calculated CVE-2021-21384
MISC
MISC
CONFIRM
MISC
silverstripe — silberstripe_cms A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL. 2021-03-16 not yet calculated CVE-2021-27938
MISC
CONFIRM
softaculous — softaculous Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host. 2021-03-18 not yet calculated CVE-2020-26886
MISC
MISC
MISC
sourcecodester — onlineordering Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure. 2021-03-16 not yet calculated CVE-2021-28295
MISC
sourcecodester — onlineordering Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE). 2021-03-16 not yet calculated CVE-2021-28294
MISC
squid — squid An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. 2021-03-19 not yet calculated CVE-2020-25097
MISC
MISC
MISC
ssh — tectica_client_and_server SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected. 2021-03-15 not yet calculated CVE-2021-27893
MISC
ssh — tectica_client_and_server SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected. 2021-03-15 not yet calculated CVE-2021-27892
MISC
ssh — tectica_client_and_server SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected. 2021-03-15 not yet calculated CVE-2021-27891
MISC
stackstorm — stackstorm StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name). 2021-03-18 not yet calculated CVE-2021-28667
MISC
stormshield — network_security In Stormshield Network Security (SNS) 1.0 through 4.2.0, the parsing of some malformed files can lead to the crash of ClamAV service causing a Denial of Service. 2021-03-19 not yet calculated CVE-2021-27506
CONFIRM
subversion — mod_authz_svn Subversion’s mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7 2021-03-17 not yet calculated CVE-2020-17525
MISC
swift — development_environment The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite, swift.path.sourcekiteDockerMode, swift.path.swift_driver_bin, or swift.path.shell configuration value that triggers execution upon opening the workspace. 2021-03-18 not yet calculated CVE-2021-28792
MISC
taidii — diibear The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage. 2021-03-17 not yet calculated CVE-2020-35455
MISC
MISC
taidii — diibear The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration. 2021-03-17 not yet calculated CVE-2020-35454
MISC
MISC
taidii — diibear The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging. 2021-03-17 not yet calculated CVE-2020-35456
MISC
MISC
tor_project — tor Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. 2021-03-19 not yet calculated CVE-2021-28090
CONFIRM
CONFIRM
MISC
tor_project — tor Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. 2021-03-19 not yet calculated CVE-2021-28089
CONFIRM
MISC
tranzware — e-commerce_payment_gateway /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. 2021-03-19 not yet calculated CVE-2021-28110
MISC
tranzware — e-commerce_payment_gateway index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability 2021-03-19 not yet calculated CVE-2021-28126
MISC
tranzware — fimi TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS). 2021-03-19 not yet calculated CVE-2021-28109
MISC
MISC
ua-parser-js — ua-parser-js ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time. 2021-03-17 not yet calculated CVE-2021-27292
MISC
MISC
MISC
unisys — stealth In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration. 2021-03-18 not yet calculated CVE-2021-3141
MISC
urlib3 — urlib3 The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn’t given via proxy_config) doesn’t verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. 2021-03-15 not yet calculated CVE-2021-28363
CONFIRM
MISC
CONFIRM
CONFIRM
utimaco — securityserver Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack. 2021-03-18 not yet calculated CVE-2020-26155
MISC
MISC
varnish — varnish-modules Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers. 2021-03-16 not yet calculated CVE-2021-28543
FEDORA
MISC
vhs — vhs The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper. 2021-03-16 not yet calculated CVE-2021-28381
MISC
visual_code_studio — visual_code_studio The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath. 2021-03-18 not yet calculated CVE-2021-28794
MISC
MISC
visual_code_studio — visual_code_studio The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace. 2021-03-18 not yet calculated CVE-2021-28791
MISC
visual_code_studio — visual_code_studio The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace. 2021-03-18 not yet calculated CVE-2021-28790
MISC
visual_code_studio — visual_code_studio The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace. 2021-03-18 not yet calculated CVE-2021-28789
MISC
western_digital — g-technology_armorlock_nvme The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware. 2021-03-19 not yet calculated CVE-2021-28653
MISC
wiki.js — wiki.js Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `<pre>` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `<pre>` tags during the render. 2021-03-18 not yet calculated CVE-2021-21383
MISC
MISC
CONFIRM
wireshark — wireshark Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. 2021-03-15 not yet calculated CVE-2021-22191
CONFIRM
MISC
MISC
wordpress — wordpress Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue. 2021-03-18 not yet calculated CVE-2021-24149
CONFIRM
wordpress — wordpress Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+). 2021-03-18 not yet calculated CVE-2021-24131
CONFIRM
wordpress — wordpress The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if “Role Options” is turn on for other users) to perform a SQL Injection attacks. 2021-03-18 not yet calculated CVE-2021-24132
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed. 2021-03-18 not yet calculated CVE-2021-24134
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation. 2021-03-18 not yet calculated CVE-2021-24127
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML. 2021-03-18 not yet calculated CVE-2021-24135
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation. 2021-03-18 not yet calculated CVE-2021-24126
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: – Author – Job Title – Location – Company – Email – URL 2021-03-18 not yet calculated CVE-2021-24136
CONFIRM
wordpress — wordpress Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands. 2021-03-18 not yet calculated CVE-2021-24137
CONFIRM
wordpress — wordpress Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter. 2021-03-18 not yet calculated CVE-2021-24139
CONFIRM
wordpress — wordpress Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=’ or sleep(5)#&type=test. 2021-03-18 not yet calculated CVE-2021-24140
CONFIRM
wordpress — wordpress Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. 2021-03-18 not yet calculated CVE-2021-24143
CONFIRM
wordpress — wordpress Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the ‘text/csv’ content-type in the request. 2021-03-18 not yet calculated CVE-2021-24145
CONFIRM
wordpress — wordpress A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. 2021-03-18 not yet calculated CVE-2021-24148
CONFIRM
wordpress — wordpress Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE. 2021-03-18 not yet calculated CVE-2021-24123
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the ‘Description/biography’ of a member. 2021-03-18 not yet calculated CVE-2021-24128
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown could lead to privileged escalation. 2021-03-18 not yet calculated CVE-2021-24124
CONFIRM
wordpress — wordpress Unvalidated input in the Contact Form Submissions WordPress plugin, versions 1.6.4 and before, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+) 2021-03-18 not yet calculated CVE-2021-24125
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation. 2021-03-18 not yet calculated CVE-2021-24129
CONFIRM
wordpress — wordpress Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+). 2021-03-18 not yet calculated CVE-2021-24130
CONFIRM
wordpress — wordpress Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker’s account. 2021-03-18 not yet calculated CVE-2021-24133
CONFIRM
wordpress — wordpress Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param “id”. This requires an admin privileged user. 2021-03-18 not yet calculated CVE-2021-24138
CONFIRM
wordpress — wordpress Unvaludated input in the 301 Redirects – Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its “Redirect From” column when importing a CSV file, allowing high privilege users to perform SQL injections. 2021-03-18 not yet calculated CVE-2021-24142
CONFIRM
wordpress — wordpress Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. 2021-03-18 not yet calculated CVE-2021-24144
CONFIRM
wordpress — wordpress Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example. 2021-03-18 not yet calculated CVE-2021-24146
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting payload in them, which will be triggered in the frontend when viewing the event. 2021-03-18 not yet calculated CVE-2021-24147
CONFIRM
wowonder — wowonder In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter. 2021-03-18 not yet calculated CVE-2021-26935
MISC
MISC
wrongthink — wrongthink Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0. 2021-03-19 not yet calculated CVE-2021-21387
CONFIRM
zen — cart Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php. 2021-03-19 not yet calculated CVE-2020-6578
MISC
MISC
zoho — manageengine_desktop_central The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM. 2021-03-18 not yet calculated CVE-2020-9367
CONFIRM
zoom — zoom Zoom through 5.5.4 sometimes allows attackers to read private information on a participant’s screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue. 2021-03-18 not yet calculated CVE-2021-28133
FULLDISC
MISC
MISC
MISC
MISC
MISC
zyxel — lte4506-m606_v1.00_devices The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network. 2021-03-16 not yet calculated CVE-2020-28899
CONFIRM

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Using CHIRP to Detect Post-Compromise Threat Activity in On-Premises Environments

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to National Cyber Awareness System Current Activity for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

03/18/2021 10:53 AM EDT
Original release date: March 18, 2021

CISA Hunt and Incident Response Program (CHIRP) is a new forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with the SolarWinds and Active Directory/M365 Compromise. CHIRP is freely available on the CISA GitHub repository.

Similar to the CISA-developed Sparrow tool—which scans for signs of APT compromise within an M365 or Azure environment—CHIRP scans for signs of APT compromise within an on-premises environment.

CISA Alert AA21-077A: Detecting Post-Compromise Threat Activity using the CHIRP IOC Detection Tool provides guidance on using the new tool. This Alert is a companion to AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations and AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud. For additional guidance watch CISA’s CHIRP Overview video.

CISA encourages users and administrations to review the Alert for more information. For more technical information on the SolarWinds Orion supply chain compromise, see CISA’s Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise web page. For general information on CISA’s response to the supply chain compromise, refer to cisa.gov/supply-chain-compromise.

This product is provided subject to this Notification and this Privacy & Use policy.