Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow


03/24/2021 10:41 AM EDT
Original release date: March 24, 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 87, Firefox ESR 78.9, and Thunderbird 78.9.

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Updates for ColdFusion


03/23/2021 09:51 AM EDT
Original release date: March 23, 2021

Adobe has released security updates to address a vulnerability affecting ColdFusion. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Adobe Security Bulletin APSB21-16 and apply the necessary updates.


Vulnerability Summary for the Week of March 15, 2021


03/22/2021 07:26 AM EDT
Original release date: March 22, 2021

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | 2021-03-12 | 9.3 | CVE-2021-21069 (MISC, MISC)
adobe — framemaker | Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 9.3 | CVE-2021-21056 (MISC, MISC)
adobe — photoshop_2020 | Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 9.3 | CVE-2021-21067 (MISC)
dell — supportassist_client_promanage | Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with SYSTEM privileges. | 2021-03-12 | 7.2 | CVE-2021-21518 (CONFIRM)
diesel_project — diesel | An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed. | 2021-03-12 | 7.5 | CVE-2021-28305 (MISC)
domainmod — domainmod | DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality. | 2021-03-15 | 7.5 | CVE-2020-35358 (MISC)
gnu — gnutls | A flaw was found in gnutls. A use-after-free issue in the client sending the key_share extension may lead to memory corruption and other consequences. | 2021-03-12 | 7.5 | CVE-2021-20231 (MISC, MISC)
gnu — gnutls | A flaw was found in gnutls. A use-after-free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. | 2021-03-12 | 7.5 | CVE-2021-20232 (MISC, MISC)
ibm — security_guardium | IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802. | 2021-03-15 | 7.5 | CVE-2020-4184 (XF, CONFIRM)
kill-process-by-name_project — kill-process-by-name | This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. | 2021-03-15 | 7.5 | CVE-2021-23356 (MISC)
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. | 2021-03-15 | 7.2 | CVE-2021-28375 (MISC, FEDORA, FEDORA, FEDORA, MISC)
mcafee — endpoint_product_removal_tool | Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location. | 2021-03-15 | 7.2 | CVE-2021-23879 (CONFIRM)
ps-kill_project — ps-kill | This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC (provided by reporter): var ps_kill = require('ps-kill'); ps_kill.kill('$(touch success)',function(){}); | 2021-03-15 | 7.5 | CVE-2021-23355 (MISC)
qualcomm — apq8009_firmware | Out-of-bounds write while parsing RTT/TTY packets due to a missing buffer size check before copying into the buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. | 2021-03-17 | 7.5 | CVE-2020-11227 (CONFIRM)
rabbitmq — jms_client | JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data. | 2021-03-12 | 7.5 | CVE-2020-36282 (MISC, MISC, MISC, MISC)
shopxo — shopxo | A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix. | 2021-03-15 | 7.5 | CVE-2021-27817 (MISC, MISC)
sonicwall — sma100_firmware | A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. | 2021-03-13 | 9 | CVE-2021-20017 (CONFIRM)
synology — diskstation_manager | Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | 2021-03-12 | 7.5 | CVE-2021-27646 (CONFIRM, MISC)
synology — diskstation_manager | Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | 2021-03-12 | 7.5 | CVE-2021-27647 (CONFIRM, MISC)
zzzcms — zzzphp | A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass. | 2021-03-15 | 7.5 | CVE-2020-24877 (MISC)


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adaltas — printf The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity. 2021-03-12 5 CVE-2021-23354
CONFIRM
CONFIRM
CONFIRM
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 5.8 CVE-2021-21073
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 5.8 CVE-2021-21072
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 6.8 CVE-2021-21071
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 6.8 CVE-2021-21077
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 5.8 CVE-2021-21074
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 5.8 CVE-2021-21075
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 5.8 CVE-2021-21076
MISC
adobe — connect Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim’s browser when they browse to the page containing the vulnerable field. 2021-03-12 4.3 CVE-2021-21079
MISC
adobe — connect Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim’s browser when they browse to the page containing the vulnerable field. 2021-03-12 4.3 CVE-2021-21080
MISC
adobe — connect Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account. 2021-03-12 6.8 CVE-2021-21085
MISC
adobe — creative_cloud_desktop_application Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction 2021-03-12 4.4 CVE-2021-21078
MISC
adobe — creative_cloud_desktop_application Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction. 2021-03-12 4.4 CVE-2021-21068
MISC
adobe — photoshop Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 6.8 CVE-2021-21082
MISC
canonical — courier-authlib The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user’s existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash). 2021-03-15 5 CVE-2021-28374
MISC
cloudera — data_engineering In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. 2021-03-15 4 CVE-2021-3167
MISC
MISC
MISC
cryptshare — cryptshare_server A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1 2021-03-15 4.3 CVE-2021-3150
MISC
dogtagpki — dogtagpki A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. 2021-03-15 5.5 CVE-2021-20179
MISC
MISC
MISC
MISC
MISC
MISC
FEDORA
FEDORA
FEDORA
eclipse — theia In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected. 2021-03-12 4.3 CVE-2021-28161
CONFIRM
eclipse — theia In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run. 2021-03-12 4.3 CVE-2021-28162
CONFIRM
fltk_project — fltk An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon. 2021-03-12 5 CVE-2021-28307
MISC
fltk_project — fltk An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of bounds read because the pixmap constructor lacks pixmap input validation. 2021-03-12 6.4 CVE-2021-28308
MISC
fltk_project — fltk An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent. 2021-03-12 5 CVE-2021-28306
MISC
getgrav — grav_cms The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF). 2021-03-15 5.1 CVE-2020-29553
MISC
ibm — api_connect IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536. 2021-03-15 4 CVE-2021-20440
XF
CONFIRM
ibm — datapower_gateway IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965. 2021-03-12 5 CVE-2020-4831
XF
CONFIRM
is-svg_project — is-svg The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. 2021-03-12 5 CVE-2021-28092
MISC
MISC
MISC
leptonica — leptonica Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. 2021-03-12 5 CVE-2020-36281
MISC
MISC
MISC
leptonica — leptonica Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. 2021-03-12 5 CVE-2020-36278
MISC
MISC
MISC
leptonica — leptonica Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. 2021-03-12 5 CVE-2020-36279
MISC
MISC
MISC
leptonica — leptonica Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. 2021-03-12 5 CVE-2020-36280
MISC
MISC
MISC
linuxfoundation — argo-cd An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header. 2021-03-15 4.3 CVE-2021-26924
MISC
MISC
linuxfoundation — argo-cd An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication. 2021-03-15 5 CVE-2021-26923
MISC
MISC
mendix — forgot_password A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts. 2021-03-15 6.5 CVE-2021-25672
CONFIRM
msgpack5_project — msgpack5 msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a “Prototype Poisoning” vulnerability. When msgpack5 decodes a map containing a key “__proto__”, it assigns the decoded value to __proto__. Object.prototype.__proto__ is an accessor property for the receiver’s prototype. If the value corresponding to the key __proto__ decodes to an object or null, msgpack5 sets the decoded object’s prototype to that value. An attacker who can submit crafted MessagePack data to a service can use this to produce values that appear to be of other types; may have unexpected prototype properties and methods (for example length, numeric properties, and push et al if __proto__’s value decodes to an Array); and/or may throw unexpected exceptions when used (for example if the __proto__ value decodes to a Map or Date). Other unexpected behavior might be produced for other types. There is no effect on the global prototype. This “prototype poisoning” is sort of a very limited inversion of a prototype pollution attack. Only the decoded value’s prototype is affected, and it can only be set to msgpack5 values (though if the victim makes use of custom codecs, anything could be a msgpack5 value). We have not found a way to escalate this to true prototype pollution (absent other bugs in the consumer’s code). This has been fixed in msgpack5 version 3.6.1, 4.5.1, and 5.2.1. See the referenced GitHub Security Advisory for an example and more details. 2021-03-12 6.5 CVE-2021-21368
MISC
MISC
MISC
MISC
CONFIRM
MISC
mybb — mybb SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3). 2021-03-15 6.5 CVE-2021-27946
MISC
mybb — mybb Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. 2021-03-15 4.3 CVE-2021-27889
MISC
mybb — mybb Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools. 2021-03-15 4.3 CVE-2021-27949
MISC
mybb — mybb SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3). 2021-03-15 6.5 CVE-2021-27948
MISC
mybb — mybb SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3). 2021-03-15 6.5 CVE-2021-27947
MISC
myvestacp — myvesta web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. 2021-03-15 6.8 CVE-2021-28379
MISC
MISC
ntt-tx — magicconnect Untrusted search path vulnerability in Installer of MagicConnect Client program distributed before 2021 March 1 allows an attacker to gain privileges and via a Trojan horse DLL in an unspecified directory and to execute arbitrary code with the privilege of the user invoking the installer when a terminal is connected remotely using Remote desktop. 2021-03-12 6.8 CVE-2021-20674
MISC
MISC
openmaint — openmaint Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any “Add” sections, such as Add Card Building & Floor, or others in the Name and Code Parameters. 2021-03-15 4.3 CVE-2021-27695
MISC
MISC
pupnp_project — pupnp A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash. 2021-03-12 5 CVE-2021-28302
MISC
qualcomm — apq8009_firmware Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 5 CVE-2020-11226
CONFIRM
qualcomm — apq8009_firmware Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 6.4 CVE-2020-11189
CONFIRM
qualcomm — apq8009_firmware Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-03-17 6.4 CVE-2020-11190
CONFIRM
qualcomm — apq8017_firmware Buffer over read while processing MT SMS with maximum length due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile 2021-03-17 6.4 CVE-2020-11222
CONFIRM
qualcomm — apq8017_firmware Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-03-17 5 CVE-2020-11218
CONFIRM
qualcomm — aqt1000_firmware Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-03-17 4.6 CVE-2020-11228
CONFIRM
qualcomm — aqt1000_firmware While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-03-17 4.4 CVE-2020-11220
CONFIRM
qualcomm — aqt1000_firmware Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2021-03-17 4.4 CVE-2020-11230
CONFIRM
siemens — logo\!_8_bm_firmware A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset. 2021-03-15 4.9 CVE-2020-25236
CONFIRM
siemens — ruggedcom_rm1224_firmware A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. 2021-03-15 5 CVE-2021-25676
CONFIRM
siemens — ruggedcom_rm1224_firmware A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3), SCALANCE M-800 (All versions >= V4.3), SCALANCE S615 (All versions >= V4.3), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE X300WG (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XR500 (All versions < V6.2), SCALANCE Xx200 Family (All versions < V4.1). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active. 2021-03-15 5.8 CVE-2021-25667
CONFIRM
siemens — simatic_mv440_sr_firmware A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions. 2021-03-15 5 CVE-2020-25241
CONFIRM
siemens — simatic_s7-plcsim A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, the application could enter an infinite loop, become unresponsive and must be restarted to restore the service. 2021-03-15 4.9 CVE-2021-25673
CONFIRM
siemens — sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unpriviledged users can access services when guessing the url. An attacker could impact availability, integrity and gain information from logs and templates of the service. 2021-03-15 6.5 CVE-2020-25240
CONFIRM
siemens — sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivilege user rights. 2021-03-15 6.5 CVE-2020-25239
CONFIRM
siemens — solid_edge A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532) 2021-03-15 6.8 CVE-2021-27380
CONFIRM
siemens — solid_edge A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12534) 2021-03-15 6.8 CVE-2021-27381
CONFIRM
siemens — solid_edge A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049) 2021-03-15 6.8 CVE-2020-28385
CONFIRM
siemens — solid_edge A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923) 2021-03-15 4.3 CVE-2020-28387
CONFIRM
sonicwall — sma100_firmware A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. 2021-03-13 4 CVE-2021-20018
CONFIRM
spdk — storage_performance_development_kit An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference. 2021-03-13 5 CVE-2021-28361
MISC
ssri_project — ssri ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. 2021-03-12 4.3 CVE-2021-27290
MISC
MISC
MISC
synology — diskstation_manager Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. 2021-03-12 6.8 CVE-2021-26569
CONFIRM
MISC
tt-rss — tiny_tiny_rss The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear to exist, but are automatically generated from the year and month. They are not releases. 2021-03-13 5 CVE-2021-28373
MISC
MISC
tyk — tyk All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this value is then used to create a file on disk. If there is a file found with the same name then it will be deleted and then re-created with the contents of the API creation request. 2021-03-15 4.6 CVE-2021-23357
MISC
MISC
xilinx — zynq-7000s_firmware When booting a Zynq-7000 SoC device from NAND flash memory, the NAND driver in the ROM does not validate the inputs when reading in any parameters in the NAND’s parameter page. If a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access to and modification of the Zynq-7000 device is needed to replace the original NAND flash memory with a NAND flash emulator for this attack to be successful. 2021-03-15 4.6 CVE-2021-27208
MISC
MISC
MISC
zohocorp — manageengine_servicedesk_plus Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). 2021-03-13 6.5 CVE-2020-35682
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
gitea — gitea Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations. 2021-03-15 3.5 CVE-2021-28378
MISC
MISC
qualcomm — apq8009_firmware The HLOS can access the EL3 stack canary by simply mapping the imem region, due to improper access control, which can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-03-17 2.1 CVE-2020-11199
CONFIRM
qualcomm — apq8009_firmware Usage of a syscall by a non-secure entity can allow extraction of secure QTEE diagnostic information in clear-text form, due to insufficient checks in the syscall handler, and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-03-17 2.1 CVE-2020-11221
CONFIRM
siemens — simatic_s7-plcsim A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer dereference condition could cause the application to terminate unexpectedly, and it must be restarted to restore the service. 2021-03-15 2.1 CVE-2021-25674
CONFIRM
siemens — simatic_s7-plcsim A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide-by-zero operation could occur and cause the application to terminate unexpectedly, and it must be restarted to restore the service. 2021-03-15 2.1 CVE-2021-25675
CONFIRM
zte — zxone_9700_firmware Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause a process exception by repeatedly inputting illegal parameters. This affects ZXONE 9700, ZXONE 8700 and ZXONE 19700, versions V1.40.021.021CP049 and V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set. 2021-03-12 2.1 CVE-2021-21726
MISC

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
wordpress — wordpress Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection, allowing high-privilege users (admin+) to perform SQL attacks. 2021-03-18 not yet calculated CVE-2021-24141
CONFIRM
acexy — wireless-n_wifi_repeater_rev_1.0 Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page (“Repeater Wizard” homepage section). 2021-03-18 not yet calculated CVE-2021-28160
MISC
MISC
advantech — spectra_rt_ert351_routers Advantech Spectre RT ERT351 Versions 5.1.3 and prior have insufficient login authentication parameters required for the web application, which may allow an attacker to gain full access using a brute-force password attack. 2021-03-17 not yet calculated CVE-2019-18235
MISC
MISC
advantech — spectra_rt_ert351_routers In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. 2021-03-17 not yet calculated CVE-2019-18233
MISC
MISC
advantech — spectra_rt_ert351_routers Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request. 2021-03-17 not yet calculated CVE-2019-18231
MISC
MISC
advantech — webaccess/scada WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. 2021-03-18 not yet calculated CVE-2021-27436
MISC
aimeos — aimeos The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account. 2021-03-16 not yet calculated CVE-2021-28380
MISC
apache — ambari In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. 2021-03-17 not yet calculated CVE-2020-13924
CONFIRM
apache — hive Apache Hive cookie signature verification used a non-constant-time comparison, which is known to be vulnerable to timing attacks. This could allow recovery of another user’s cookie signature. The issue was addressed in Apache Hive 2.3.8. 2021-03-16 not yet calculated CVE-2020-1926
CONFIRM
CONFIRM
apache — openmeetings It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0. 2021-03-15 not yet calculated CVE-2021-27576
CONFIRM
apache — pdfbox A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. 2021-03-19 not yet calculated CVE-2021-27906
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
MLIST
apache — pdfbox A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. 2021-03-19 not yet calculated CVE-2021-27807
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
apicast — apicast A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue. 2021-03-18 not yet calculated CVE-2019-14852
MISC
busybox — busybox decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. 2021-03-19 not yet calculated CVE-2021-28831
MISC
cairo — image-compositor A flaw was found in cairo’s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo’s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. 2021-03-18 not yet calculated CVE-2020-35492
MISC
cisco — rv134W_vdsl2_wireless-ac_vpn_routers A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. 2021-03-18 not yet calculated CVE-2021-1287
CISCO
concrete — cms Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. 2021-03-18 not yet calculated CVE-2021-28145
CONFIRM
MISC
cybozu — office Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20626
MISC
MISC
cybozu — office Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Custom App via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20634
MISC
MISC
cybozu — office Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox. 2021-03-18 not yet calculated CVE-2021-20628
MISC
MISC
cybozu — office Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20632
MISC
MISC
cybozu — office Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20627
MISC
MISC
cybozu — office Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20629
MISC
MISC
cybozu — office Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20624
MISC
MISC
cybozu — office Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20625
MISC
MISC
cybozu — office Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20630
MISC
MISC
cybozu — office Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20631
MISC
MISC
cybozu — office Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Cabinet via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20633
MISC
MISC
eic — e-document_system EIC e-document system does not perform complete identity verification for sorting and filtering personnel data. The vulnerability allows a remote attacker to obtain users’ credential information without logging in to the system, and further acquire privileged permissions and execute arbitrary commands. 2021-03-17 not yet calculated CVE-2021-22860
CONFIRM
CONFIRM
CONFIRM
eic — e-document_system The users’ data querying function of EIC e-document system does not filter special characters, which allows remote attackers to inject SQL syntax and execute arbitrary commands without privilege. 2021-03-17 not yet calculated CVE-2021-22859
CONFIRM
CONFIRM
CONFIRM
eslint-fixer — eslint-fixer ** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted. 2021-03-19 not yet calculated CVE-2021-26275
MISC
MISC
exacq_technologies — exacqvision A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system. 2021-03-18 not yet calculated CVE-2021-27656
CERT
CONFIRM
expressionengine — expressionengine ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. 2021-03-15 not yet calculated CVE-2021-27230
MISC
MISC
MISC
MISC
MISC
fabric8 — kubernetes-client A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2 2021-03-16 not yet calculated CVE-2021-20218
MISC
MISC
faststone — image_viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. 2021-03-18 not yet calculated CVE-2021-26235
MISC
faststone — image_viewer FastStone Image Viewer <= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, ‘BitCount’ file format field), that will end up corrupting the Structured Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file. 2021-03-18 not yet calculated CVE-2021-26236
MISC
MISC
MISC
faststone — image_viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. 2021-03-18 not yet calculated CVE-2021-26234
MISC
faststone — image_viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. 2021-03-18 not yet calculated CVE-2021-26233
MISC
faststone — image_viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. 2021-03-18 not yet calculated CVE-2021-26237
MISC
fedoraproject — fedora Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode), Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the active consent of the user. By default, elementary OS doesn’t expose any services via Bluetooth that allow information to be extracted by paired Bluetooth devices. However, if such services (e.g. contact list sharing software) have been installed, it’s possible that attackers have been able to extract data from such services without authorization. If no such services have been installed, attackers are only able to pair with a device running an affected version without authorization and then play audio out of the device or possibly present a HID device (keyboard, mouse, etc.) to control the device. As such, users should check the list of trusted/paired devices and remove any that are not 100% confirmed to be genuine. This is fixed in version 2.3.5. To reduce the likelihood of this vulnerability on an unpatched version, only open the Bluetooth plug for short intervals when absolutely necessary and preferably not in crowded public areas. To mitigate the risk entirely with unpatched versions, do not open the Bluetooth plug within switchboard at all, and use a different method for pairing devices if necessary (e.g. the `bluetoothctl` CLI). 2021-03-12 not yet calculated CVE-2021-21367
MISC
MISC
CONFIRM
FEDORA
FEDORA
FEDORA
fedoraproject — glib autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file’s parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241. 2021-03-17 not yet calculated CVE-2021-28650
MISC
FEDORA
fluxbb — fluxbb Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server. 2021-03-17 not yet calculated CVE-2020-28873
MISC
MISC
ftapi — ftapi FTAPI 4.0 – 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component. 2021-03-19 not yet calculated CVE-2021-25277
MISC
MISC
ftapi — ftapi FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor. 2021-03-19 not yet calculated CVE-2021-25278
MISC
MISC
fudforum — fudforum A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the “author” parameter. 2021-03-19 not yet calculated CVE-2021-27520
MISC
fudforum — fudforum A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the “srch” parameter. 2021-03-19 not yet calculated CVE-2021-27519
MISC
fujitsu — serverview_suite_irmc Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages. 2021-03-17 not yet calculated CVE-2020-17457
CONFIRM
MISC
google — chrome Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-16 not yet calculated CVE-2021-21192
MISC
MISC
google — chrome Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-16 not yet calculated CVE-2021-21191
MISC
MISC
google — chrome Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-16 not yet calculated CVE-2021-21193
MISC
MISC
grafana — grafana The snapshot feature in Grafana before 7.4.1 can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. 2021-03-18 not yet calculated CVE-2021-27358
CONFIRM
CONFIRM
grav — grav_cms The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) 2021-03-15 not yet calculated CVE-2020-29555
MISC
grav — grav_cms The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) 2021-03-15 not yet calculated CVE-2020-29556
MISC
hamilton_medical — t1-ventillators In Hamilton Medical AG T1-Ventilator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface’s logs to get valid checksums for tampered configuration files. 2021-03-15 not yet calculated CVE-2020-27290
MISC
hamilton_medical — t1-ventillators In Hamilton Medical AG T1-Ventilator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files. 2021-03-15 not yet calculated CVE-2020-27282
MISC
hamilton_medical — t1-ventillators In Hamilton Medical AG T1-Ventilator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface. 2021-03-15 not yet calculated CVE-2020-27278
MISC
hgiga — mailsherlock HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege. 2021-03-18 not yet calculated CVE-2021-22848
MISC
http-proxy-agent — http-proxy-agent A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. 2021-03-19 not yet calculated CVE-2019-10196
MISC
MISC
ibm — resillent_soar IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. 2021-03-19 not yet calculated CVE-2020-4635
XF
CONFIRM
ibm — spectrum_scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450. 2021-03-16 not yet calculated CVE-2020-4851
XF
CONFIRM
ibm — spectrum_scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role for the REST API to cause a denial of service due to weak or absent rate limiting. IBM X-Force ID: 190973. 2021-03-16 not yet calculated CVE-2020-4890
XF
CONFIRM
ibm — spectrum_scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user to brute force REST API account credentials. IBM X-Force ID: 190974. 2021-03-16 not yet calculated CVE-2020-4891
XF
CONFIRM
it-recht — kanzlei The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection. 2021-03-19 not yet calculated CVE-2020-6577
MISC
MISC
jenkins — jenkins Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. 2021-03-18 not yet calculated CVE-2021-21626
MLIST
CONFIRM
jenkins — jenkins A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. 2021-03-18 not yet calculated CVE-2021-21627
MLIST
CONFIRM
jenkins — jenkins Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credential IDs of AWS credentials stored in Jenkins in some circumstances. 2021-03-18 not yet calculated CVE-2021-21625
MLIST
CONFIRM
jenkins — jenkins An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. 2021-03-18 not yet calculated CVE-2021-21624
MLIST
CONFIRM
jenkins — jenkins An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. 2021-03-18 not yet calculated CVE-2021-21623
MLIST
CONFIRM
jetbrains — phpstorm In JetBrains PhpStorm before 2020.3, source code could be added to debug logs. 2021-03-18 not yet calculated CVE-2021-25764
MISC
MISC
kde — kde libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor ) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) 2021-03-20 not yet calculated CVE-2021-28117
MISC
CONFIRM
CONFIRM
MISC
kong — gateway An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid JWT token. 2021-03-18 not yet calculated CVE-2021-27306
MISC
MISC
kramdown — kramdown Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. 2021-03-19 not yet calculated CVE-2021-28834
MISC
MISC
MISC
libnbd — libnbd A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service. 2021-03-15 not yet calculated CVE-2021-20286
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. 2021-03-20 not yet calculated CVE-2020-27171
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. 2021-03-20 not yet calculated CVE-2021-28951
MISC
linux — linux_kernel An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A “stall on CPU” can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. 2021-03-20 not yet calculated CVE-2021-28950
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) 2021-03-20 not yet calculated CVE-2021-28952
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. 2021-03-20 not yet calculated CVE-2020-27170
MISC
MISC
MISC
linux — linux_kernel rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. 2021-03-17 not yet calculated CVE-2021-28660
MISC
FEDORA
m-system — dl8_series M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to bypass access restriction and conduct prohibited operations via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20676
MISC
MISC
m-system — dl8_series M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to cause a denial of service (DoS) condition via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20675
MISC
MISC
mariadb — mariadb A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. 2021-03-19 not yet calculated CVE-2021-27928
MISC
MISC
MISC
MISC
MISC
MISC
mediainfo — medianinfo Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. 2021-03-18 not yet calculated CVE-2020-26797
MISC
mikrotik — routeros ** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor’s position is that this is intended behavior because of how user policies work. 2021-03-19 not yet calculated CVE-2021-27221
MISC
minio — minio MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk, and thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround, one can avoid using “aws-chunked” encoding-based chunk signature upload requests and instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS. 2021-03-19 not yet calculated CVE-2021-21390
MISC
MISC
CONFIRM
moodle — moodle The web service responsible for fetching other users’ enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 2021-03-15 not yet calculated CVE-2021-20283
MISC
FEDORA
MISC
moodle — moodle When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 2021-03-15 not yet calculated CVE-2021-20282
MISC
FEDORA
MISC
moodle — moodle Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 2021-03-15 not yet calculated CVE-2021-20280
MISC
FEDORA
MISC
moodle — moodle A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role. 2021-03-19 not yet calculated CVE-2019-14828
MISC
moodle — moodle A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the forum subscribe link contained an open redirect if the forum’s subscription mode was set to “forced subscription”. 2021-03-19 not yet calculated CVE-2019-14831
MISC
MISC
moodle — moodle It was possible for some users without permission to view other users’ full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 2021-03-15 not yet calculated CVE-2021-20281
MISC
FEDORA
MISC
moodle — moodle A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user’s mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is “via the app”). 2021-03-19 not yet calculated CVE-2019-14830
MISC
MISC
moodle — moodle A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode. 2021-03-19 not yet calculated CVE-2019-14829
MISC
MISC
moodle — moodle The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 2021-03-15 not yet calculated CVE-2021-20279
MISC
FEDORA
MISC
mvfst — mvfst A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00. 2021-03-15 not yet calculated CVE-2021-24029
CONFIRM
CONFIRM
mybb — mybb SQL injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files. 2021-03-15 not yet calculated CVE-2021-27890
MISC
mydbr — mydbr myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS. 2021-03-15 not yet calculated CVE-2020-28149
MISC
nats — server_and_jwt_library NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. 2021-03-16 not yet calculated CVE-2021-3127
MISC
nbdkit — nbdkit A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side. 2021-03-18 not yet calculated CVE-2019-14850
MISC
MISC
nbdkit — nbdkit A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1. 2021-03-18 not yet calculated CVE-2019-14851
MISC
MISC
nessus — agent Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. 2021-03-19 not yet calculated CVE-2021-20077
MISC
netapp — cloud_manager Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). 2021-03-19 not yet calculated CVE-2021-26992
MISC
netapp — cloud_manager Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. 2021-03-19 not yet calculated CVE-2021-26991
MISC
netapp — cloud_manager Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. 2021-03-19 not yet calculated CVE-2021-26990
MISC
netapp — multiple_products Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. 2021-03-15 not yet calculated CVE-2021-26987
CONFIRM
openshift — builder A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before. 2021-03-16 not yet calculated CVE-2021-3344
MISC
openshift — container_platform A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high. 2021-03-19 not yet calculated CVE-2019-10200
MISC
MISC
openshift — container_platform A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn’t sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files. 2021-03-19 not yet calculated CVE-2019-10225
MISC
openvswitch — openvswitch A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. 2021-03-18 not yet calculated CVE-2020-27827
MISC
MISC
ovation — dynamic_content Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter. 2021-03-19 not yet calculated CVE-2021-3327
MISC
MISC
paid_memberships_pro — paid_memberships_pro SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2021-03-18 not yet calculated CVE-2021-20678
MISC
MISC
MISC
patchmerge — patchmerge Prototype pollution vulnerability in ‘patchmerge’ versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. 2021-03-16 not yet calculated CVE-2021-25916
MISC
MISC
pillow — pillow An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. 2021-03-19 not yet calculated CVE-2021-25291
MISC
pillow — pillow An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. 2021-03-19 not yet calculated CVE-2021-25289
MISC
pillow — pillow An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. 2021-03-19 not yet calculated CVE-2021-25293
MISC
pillow — pillow An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. 2021-03-19 not yet calculated CVE-2021-25292
MISC
pillow — pillow An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. 2021-03-19 not yet calculated CVE-2021-25290
MISC
pion — webrtc Pion WebRTC before 3.0.15 didn’t properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. (A WebRTC implementation shouldn’t allow the user to continue if verification has failed.) 2021-03-18 not yet calculated CVE-2021-28681
MISC
MISC
port-killer — port-killer This affects all versions of package port-killer. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. 2021-03-18 not yet calculated CVE-2021-23359
MISC
MISC
portainer — portainer Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover. 2021-03-16 not yet calculated CVE-2020-24264
MISC
portainer — portainer Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. 2021-03-16 not yet calculated CVE-2020-24263
MISC
postgresql — postgresql A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. 2021-03-19 not yet calculated CVE-2019-10128
MISC
MISC
postgresql — postgresql A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files. 2021-03-19 not yet calculated CVE-2019-10127
MISC
MISC
pulse_secure — psa5000_and_psa7000_models A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device. 2021-03-16 not yet calculated CVE-2021-22887
MISC
MISC
pygments — pygments In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. 2021-03-17 not yet calculated CVE-2021-27291
MISC
MISC
MLIST
qemu — qemu A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. 2021-03-18 not yet calculated CVE-2021-3416
MISC
MISC
qiita — markdown Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. 2021-03-18 not yet calculated CVE-2021-28796
MISC
quadbase — espressreports An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads. 2021-03-15 not yet calculated CVE-2020-24985
MISC
quadbase — expressdashboard An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account. 2021-03-15 not yet calculated CVE-2020-24982
MISC
qualcomm — multiple_snapdragon_products Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. 2021-03-17 not yet calculated CVE-2020-11188
CONFIRM
qualcomm — multiple_snapdragon_products Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile. 2021-03-17 not yet calculated CVE-2020-11186
CONFIRM
qualcomm — multiple_snapdragon_products Buffer overflow occurs when trying to convert an ASCII string to a Unicode string if the actual size is more than required in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music. 2021-03-17 not yet calculated CVE-2020-11308
CONFIRM
qualcomm — multiple_snapdragon_products Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. 2021-03-17 not yet calculated CVE-2020-11192
CONFIRM
qualcomm — multiple_snapdragon_products Potential out of bound read exception when UE receives an unusually large number of padding octets in the beginning of the ROHC header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. 2021-03-17 not yet calculated CVE-2020-11166
CONFIRM
qualcomm — multiple_snapdragon_products Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. 2021-03-17 not yet calculated CVE-2020-11309
CONFIRM
qualcomm — multiple_snapdragon_products Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. 2021-03-17 not yet calculated CVE-2020-11171
CONFIRM
qualcomm — multiple_snapdragon_products Integer overflow in boot due to improper length check on arguments received in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music. 2021-03-17 not yet calculated CVE-2020-11305
CONFIRM
qualcomm — multiple_snapdragon_products Buffer overflow can occur in video while playing a non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. 2021-03-17 not yet calculated CVE-2020-11299
CONFIRM
qualcomm — multiple_snapdragon_products Use after free condition in msm ioctl events due to a race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. 2021-03-17 not yet calculated CVE-2020-11290
CONFIRM
red_hat — quay A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user’s container repository. Red Hat Quay 2 and 3 are vulnerable to this issue. 2021-03-18 not yet calculated CVE-2019-3867
MISC
red_hat — red_hat It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 are vulnerable to this issue. 2021-03-16 not yet calculated CVE-2019-3897
MISC
red_hat — red_hat If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered with. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism. 2021-03-15 not yet calculated CVE-2021-3418
MISC
redash — redash Redash 8.0.0 is affected by LDAP Injection. There is an authentication bypass and information leak through the crafting of special queries, escaping the provided template, because the code path ldap_user = auth_ldap_user(request.form["email"], request.form["password"]) -> auth_ldap_user(username, password) -> settings.LDAP_SEARCH_TEMPLATE % {"username": username} lacks sanitization. 2021-03-18 not yet calculated CVE-2020-36144
MISC
MISC
rockwell_automation — drivetools_sp Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system. 2021-03-18 not yet calculated CVE-2021-22665
MISC
MISC
rockwell_automation — factorytalk_services_platform In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly. 2021-03-18 not yet calculated CVE-2020-14516
MISC
schema-inspector — schema-inspector Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In versions before 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regular expression that isn’t vulnerable to ReDoS. 2021-03-19 not yet calculated CVE-2021-21267
MISC
CONFIRM
MISC
seeddms — seeddms SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php. 2021-03-18 not yet calculated CVE-2021-26215
MISC
MISC
seeddms — seeddms SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php. 2021-03-18 not yet calculated CVE-2021-26216
MISC
MISC
seo — panel The “order_col” parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. 2021-03-18 not yet calculated CVE-2021-28419
MISC
seo — panel A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the “search_name” parameter. 2021-03-18 not yet calculated CVE-2021-28417
MISC
seo — panel A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the “category” parameter. 2021-03-18 not yet calculated CVE-2021-28418
MISC
seo — panel A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the “from_time” parameter. 2021-03-18 not yet calculated CVE-2021-28420
MISC
shadow — shadow The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM’s nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. 2021-03-17 not yet calculated CVE-2017-20002
MISC
MISC
MLIST
shescape — shescape shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required. 2021-03-19 not yet calculated CVE-2021-21384
MISC
MISC
CONFIRM
MISC
silverstripe — silverstripe_cms A vulnerability has been identified in the Silverstripe CMS 3 and 4 versions of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL. 2021-03-16 not yet calculated CVE-2021-27938
MISC
CONFIRM
softaculous — softaculous Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host. 2021-03-18 not yet calculated CVE-2020-26886
MISC
MISC
MISC
sourcecodester — onlineordering Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure. 2021-03-16 not yet calculated CVE-2021-28295
MISC
sourcecodester — onlineordering Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE). 2021-03-16 not yet calculated CVE-2021-28294
MISC
squid — squid An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. 2021-03-19 not yet calculated CVE-2020-25097
MISC
MISC
MISC
ssh — tectia_client_and_server SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected. 2021-03-15 not yet calculated CVE-2021-27893
MISC
ssh — tectia_client_and_server SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected. 2021-03-15 not yet calculated CVE-2021-27892
MISC
ssh — tectia_client_and_server SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected. 2021-03-15 not yet calculated CVE-2021-27891
MISC
stackstorm — stackstorm StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name). 2021-03-18 not yet calculated CVE-2021-28667
MISC
stormshield — network_security In Stormshield Network Security (SNS) 1.0 through 4.2.0, the parsing of some malformed files can lead to the crash of ClamAV service causing a Denial of Service. 2021-03-19 not yet calculated CVE-2021-27506
CONFIRM
subversion — mod_authz_svn Subversion’s mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7. 2021-03-17 not yet calculated CVE-2020-17525
MISC
swift — development_environment The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite, swift.path.sourcekiteDockerMode, swift.path.swift_driver_bin, or swift.path.shell configuration value that triggers execution upon opening the workspace. 2021-03-18 not yet calculated CVE-2021-28792
MISC
taidii — diibear The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage. 2021-03-17 not yet calculated CVE-2020-35455
MISC
MISC
taidii — diibear The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration. 2021-03-17 not yet calculated CVE-2020-35454
MISC
MISC
taidii — diibear The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging. 2021-03-17 not yet calculated CVE-2020-35456
MISC
MISC
tor_project — tor Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. 2021-03-19 not yet calculated CVE-2021-28090
CONFIRM
CONFIRM
MISC
tor_project — tor Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. 2021-03-19 not yet calculated CVE-2021-28089
CONFIRM
MISC
tranzware — e-commerce_payment_gateway /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. 2021-03-19 not yet calculated CVE-2021-28110
MISC
tranzware — e-commerce_payment_gateway index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a stored cross-site scripting (XSS) vulnerability. 2021-03-19 not yet calculated CVE-2021-28126
MISC
tranzware — fimi TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS). 2021-03-19 not yet calculated CVE-2021-28109
MISC
MISC
ua-parser-js — ua-parser-js ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time. 2021-03-17 not yet calculated CVE-2021-27292
MISC
MISC
MISC
unisys — stealth In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration. 2021-03-18 not yet calculated CVE-2021-3141
MISC
urllib3 — urllib3 The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn’t given via proxy_config) doesn’t verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. 2021-03-15 not yet calculated CVE-2021-28363
CONFIRM
MISC
CONFIRM
CONFIRM
utimaco — securityserver Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0 are installed with Read/Write permissions for authenticated users, which allows binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack. 2021-03-18 not yet calculated CVE-2020-26155
MISC
MISC
varnish — varnish-modules Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers. 2021-03-16 not yet calculated CVE-2021-28543
FEDORA
MISC
vhs — vhs The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper. 2021-03-16 not yet calculated CVE-2021-28381
MISC
visual_code_studio — visual_code_studio The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath. 2021-03-18 not yet calculated CVE-2021-28794
MISC
MISC
visual_code_studio — visual_code_studio The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace. 2021-03-18 not yet calculated CVE-2021-28791
MISC
visual_code_studio — visual_code_studio The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace. 2021-03-18 not yet calculated CVE-2021-28790
MISC
visual_code_studio — visual_code_studio The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace. 2021-03-18 not yet calculated CVE-2021-28789
MISC
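The four Visual Studio Code entries above share one root cause: the extension reads a path from workspace settings and runs it, so a repository can carry a `.vscode/settings.json` that executes on open. Here is an added example (not code from any of those extensions) that scans such a settings file for the affected keys and flags values that would execute something from, or relative to, the checkout. The trusted-location prefixes and the sample settings are this example's own assumptions.

```python
import json
import re

# Settings keys that the affected extensions read as the path of a binary to run
# (ShellCheck, SwiftFormat, SwiftLint, apple/swift-format), taken from the advisories above.
EXECUTABLE_PATH_KEYS = {
    "shellcheck.executablePath",
    "swiftformat.path",
    "swiftlint.path",
    "apple-swift-format.path",
}

# Where a tool binary is normally expected to live (assumption: adjust to your fleet).
TRUSTED_PREFIXES = ("/usr/bin/", "/usr/local/bin/", "/opt/homebrew/bin/")


def strip_jsonc(text: str) -> str:
    """settings.json is JSON-with-comments: drop /* */ and whole-line // comments and trailing commas."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return text


def load_settings(text: str) -> dict:
    return json.loads(strip_jsonc(text))


def classify_tool_path(value: str):
    """Why a configured tool path is suspicious, or None if it looks like a normal install location."""
    p = value.replace("\\", "/")
    if "${workspaceFolder}" in p or "${workspaceRoot}" in p:
        return "points into the workspace"
    if re.match(r"^[A-Za-z]:/", p):  # Windows drive-letter path: absolute, not under a trusted prefix
        return "absolute path outside trusted locations"
    if p.startswith("/"):
        return None if p.startswith(TRUSTED_PREFIXES) else "absolute path outside trusted locations"
    if "/" in p:
        return "relative path (resolved against the workspace)"
    return None  # bare command name: resolved through PATH, the same as the extension default


def suspicious_tool_paths(settings: dict):
    """(key, value, reason) for every executable-path setting that would run code from the repo."""
    findings = []
    for key, value in settings.items():
        if key in EXECUTABLE_PATH_KEYS and isinstance(value, str):
            reason = classify_tool_path(value)
            if reason:
                findings.append((key, value, reason))
    return findings


# Constructed .vscode/settings.json in the shape an attacker would commit; not from any real repository.
SAMPLE_SETTINGS = r'''{
  // harmless editor preferences
  "editor.tabSize": 2,
  "swiftlint.path": "/usr/local/bin/swiftlint",
  "swiftformat.path": "${workspaceFolder}/.tools/swiftformat",
  "shellcheck.executablePath": "./scripts/shellcheck",
}'''

if __name__ == "__main__":
    for key, value, reason in suspicious_tool_paths(load_settings(SAMPLE_SETTINGS)):
        print(f"{key} = {value!r}: {reason}")
```

Run it over every `.vscode/settings.json` and `*.code-workspace` in a checkout before opening it in an editor with those extensions installed. The extension-side fix is the mirror image of this check: never execute a workspace-scoped path until the user has trusted the workspace, and prefer the user-level (global) value of the setting over the one the repository supplies.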
western_digital — g-technology_armorlock_nvme The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware. 2021-03-19 not yet calculated CVE-2021-28653
MISC
wiki.js — wiki.js Wiki.js is an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though they are contained within a `<pre>` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see the referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `<pre>` tags during the render. 2021-03-18 not yet calculated CVE-2021-21383
MISC
MISC
CONFIRM
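The Wiki.js fix described above is a render-time transform: every `<pre>` gets Vue's `v-pre` directive so that `{{ ... }}` inside it is left as literal text rather than compiled as a template expression. The following added example (not the Wiki.js code, which is in Node.js) reproduces that transform as a Python post-processor, together with a detector that lists the mustache expressions sitting inside code blocks so existing content can be audited; both functions and the sample HTML are this example's own.

```python
import re

PRE_OPEN = re.compile(r"<pre\b([^>]*)>", re.I)
PRE_BLOCK = re.compile(r"<pre\b[^>]*>(.*?)</pre>", re.I | re.S)
MUSTACHE = re.compile(r"\{\{.*?\}\}", re.S)


def add_v_pre(html: str) -> str:
    """Add the v-pre directive to every <pre> tag that lacks it.

    v-pre tells Vue to skip compilation of that subtree, so mustache text in a code block stays
    inert even though the surrounding page is mounted as a Vue template.
    """

    def repl(m):
        attrs = m.group(1)
        if re.search(r"\bv-pre\b", attrs):
            return m.group(0)  # already protected
        return f"<pre v-pre{attrs}>"

    return PRE_OPEN.sub(repl, html)


def mustache_in_code_blocks(html: str):
    """Mustache expressions found inside <pre> blocks: what Vue would have evaluated before the fix."""
    hits = []
    for block in PRE_BLOCK.finditer(html):
        hits.extend(MUSTACHE.findall(block.group(1)))
    return hits


# Constructed page fragment: prose with a template expression, a code block carrying one,
# and a code block that already carries v-pre.
SAMPLE_HTML = (
    '<p>Hello {{ a }}</p>'
    '<pre class="code">{{ user.name }}</pre>'
    '<pre v-pre>{{ raw }}</pre>'
)

if __name__ == "__main__":
    print(mustache_in_code_blocks(SAMPLE_HTML))
    print(add_v_pre(SAMPLE_HTML))
```

Note that the regex approach is adequate for rendered output the application itself produced; for arbitrary user-supplied HTML a real parser should be used, and `v-pre` protects only content inside `<pre>`, not mustache text elsewhere in the page.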
wireshark — wireshark Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or a crafted capture file. 2021-03-15 not yet calculated CVE-2021-22191
CONFIRM
MISC
MISC
wordpress — wordpress Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue. 2021-03-18 not yet calculated CVE-2021-24149
CONFIRM
wordpress — wordpress Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+). 2021-03-18 not yet calculated CVE-2021-24131
CONFIRM
wordpress — wordpress The Slider by 10Web WordPress plugin, versions before 1.2.36, was vulnerable in its bulk_action, export_full and save_slider_db functionalities, allowing a high privileged user (Admin), or a medium privileged one such as Contributor+ (if "Role Options" is turned on for other users), to perform SQL Injection attacks. 2021-03-18 not yet calculated CVE-2021-24132
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed. 2021-03-18 not yet calculated CVE-2021-24134
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation. 2021-03-18 not yet calculated CVE-2021-24127
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML. 2021-03-18 not yet calculated CVE-2021-24135
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation. 2021-03-18 not yet calculated CVE-2021-24126
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the following parameters: Author, Job Title, Location, Company, Email, and URL. 2021-03-18 not yet calculated CVE-2021-24136
CONFIRM
wordpress — wordpress Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands. 2021-03-18 not yet calculated CVE-2021-24137
CONFIRM
wordpress — wordpress Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter. 2021-03-18 not yet calculated CVE-2021-24139
CONFIRM
wordpress — wordpress Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, leads to SQL Injection in POST /wp-admin/admin-ajax.php with the parameter repeater=' or sleep(5)#&type=test. 2021-03-18 not yet calculated CVE-2021-24140
CONFIRM
wordpress — wordpress Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. 2021-03-18 not yet calculated CVE-2021-24143
CONFIRM
wordpress — wordpress Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing an administrator to upload PHP files by using the 'text/csv' content-type in the request. 2021-03-18 not yet calculated CVE-2021-24145
CONFIRM
wordpress — wordpress A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. 2021-03-18 not yet calculated CVE-2021-24148
CONFIRM
wordpress — wordpress Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from the Podcast Artwork section), allowing high privilege accounts (admin+) to upload arbitrary files, such as PHP, leading to RCE. 2021-03-18 not yet calculated CVE-2021-24123
CONFIRM
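The two upload entries above (Modern Events Calendar Lite, PowerPress) fail in the same way: the server decides what a file is from something the client controls, the declared content-type or the upload form it arrived through, rather than from the file name and bytes. Here is an added example (not the plugins' PHP) of the validation a practitioner would want on the server side: the declared type is recorded but never trusted, any executable extension anywhere in the name is rejected, text formats must decode as text and carry no server-side markup, and images must start with their format's signature. The extension and signature tables are this example's own.

```python
import os

# Extensions that a typical PHP host will execute; rejected wherever they appear in the name
# so that "cover.php.png" is refused along with "shell.php".
EXECUTABLE_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".pht", ".shtml", ".cgi", ".pl"}

# Image formats we accept, with the leading bytes each one must start with.
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Text formats we accept (the calendar import is CSV).
TEXT_EXTS = {".csv", ".txt"}


def extensions(filename: str):
    """All extensions in the name, lowest first: 'a.php.png' -> ['.php', '.png']."""
    parts = os.path.basename(filename).lower().split(".")
    return ["." + p for p in parts[1:] if p]


def validate_upload(filename: str, declared_content_type: str, data: bytes):
    """Return (accepted, reason). `declared_content_type` is only echoed in messages, never trusted."""
    exts = extensions(filename)
    if not exts:
        return False, "no file extension"
    if any(e in EXECUTABLE_EXTS for e in exts):
        return False, f"executable extension in name {filename!r}; declared type {declared_content_type!r} ignored"
    ext = exts[-1]
    if ext in TEXT_EXTS:
        try:
            text = data.decode("utf-8")
        except UnicodeDecodeError:
            return False, f"{ext} upload is not UTF-8 text"
        if "<?" in text or "<script" in text.lower():
            return False, f"{ext} upload contains server-side or script markup"
        return True, "ok"
    if ext in IMAGE_SIGNATURES:
        if not any(data.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
            return False, f"content does not match the {ext} signature (declared {declared_content_type!r})"
        return True, "ok"
    return False, f"extension {ext} not allowed"


if __name__ == "__main__":
    # Constructed requests: a PHP file declared as CSV, a real CSV, PHP bytes under a .png name.
    samples = [
        ("evil.php", "text/csv", b"<?php echo 'x'; ?>"),
        ("events.csv", "text/csv", b"title,start\nLaunch,2021-03-18\n"),
        ("art.png", "image/png", b"<?php echo 'x'; ?>"),
        ("art.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
    ]
    for name, ctype, body in samples:
        print(name, ctype, validate_upload(name, ctype, body))
```

Store accepted files under a server-generated name in a directory the web server does not execute from, and keep the declared content-type only for logging; as both advisories show, it is the attacker's claim about the file, not a property of it.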
wordpress — wordpress Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the ‘Description/biography’ of a member. 2021-03-18 not yet calculated CVE-2021-24128
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, lead to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown, which could lead to privilege escalation. 2021-03-18 not yet calculated CVE-2021-24124
CONFIRM
wordpress — wordpress Unvalidated input in the Contact Form Submissions WordPress plugin, versions 1.6.4 and before, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+). 2021-03-18 not yet calculated CVE-2021-24125
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation. 2021-03-18 not yet calculated CVE-2021-24129
CONFIRM
wordpress — wordpress Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+). 2021-03-18 not yet calculated CVE-2021-24130
CONFIRM
wordpress — wordpress Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker’s account. 2021-03-18 not yet calculated CVE-2021-24133
CONFIRM
wordpress — wordpress Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param “id”. This requires an admin privileged user. 2021-03-18 not yet calculated CVE-2021-24138
CONFIRM
wordpress — wordpress Unvalidated input in the 301 Redirects – Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections. 2021-03-18 not yet calculated CVE-2021-24142
CONFIRM
wordpress — wordpress Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. 2021-03-18 not yet calculated CVE-2021-24144
CONFIRM
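Most of the WordPress SQL injection entries in this bulletin (Modern Events Calendar Lite, Blog2Social, Photo Gallery, Ajax Load More, AccessPress Social Icons, Contact Form Submissions, WP Google Map, AdRotate, 301 Redirects) come down to a request or file value being spliced into a query string, and the Contact Form 7 Database Addon entry is the export-side counterpart, where a stored value is written into a CSV that a spreadsheet will evaluate. The following added example (not any plugin's code) uses the 301 Redirects case as its model: it imports a constructed CSV into an in-memory SQLite table through a string-built lookup and through a parameterized one, so the difference is observable, and it neutralizes formula-leading cells on export. The schema, sample CSV and function names are this example's own.

```python
import csv
import io
import sqlite3

# Constructed import file in the shape of a "Redirect From,Redirect To" CSV; the second row's
# source column is a classic injection string rather than a path.
SAMPLE_CSV = (
    "Redirect From,Redirect To\n"
    "/old-page,/new-page\n"
    "' OR 1=1 --,/wherever\n"
)


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE redirects (id INTEGER PRIMARY KEY, redirect_from TEXT, redirect_to TEXT)")
    return conn


def lookup_vulnerable(conn, redirect_from):
    """The pattern behind the advisories: the CSV value is interpolated straight into SQL."""
    sql = f"SELECT id FROM redirects WHERE redirect_from = '{redirect_from}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, redirect_from):
    """Same query with a bound parameter: the value can never change the query's structure."""
    return conn.execute("SELECT id FROM redirects WHERE redirect_from = ?", (redirect_from,)).fetchall()


def import_redirects(conn, csv_text, lookup):
    """Insert each row unless a redirect for its source already exists; returns rows inserted."""
    imported = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        src, dst = row["Redirect From"], row["Redirect To"]
        if lookup(conn, src):
            continue
        conn.execute("INSERT INTO redirects (redirect_from, redirect_to) VALUES (?, ?)", (src, dst))
        imported += 1
    conn.commit()
    return imported


def neutralize_cell(value):
    """Prefix cells that a spreadsheet would treat as a formula (CSV/formula injection)."""
    s = str(value)
    if s and s[0] in "=+-@\t\r":
        return "'" + s
    return s


def export_redirects(conn):
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["Redirect From", "Redirect To"])
    for src, dst in conn.execute("SELECT redirect_from, redirect_to FROM redirects ORDER BY id"):
        writer.writerow([neutralize_cell(src), neutralize_cell(dst)])
    return out.getvalue()


if __name__ == "__main__":
    conn = setup_db()
    print("safe import inserted", import_redirects(conn, SAMPLE_CSV, lookup_safe))
    print("string-built lookup returns", len(lookup_vulnerable(conn, "' OR 1=1 --")), "rows")
    print("parameterized lookup returns", len(lookup_safe(conn, "' OR 1=1 --")), "rows")
    print(export_redirects(conn))
```

With the string-built lookup the injected row makes the "already exists" check match every row, so the import silently misbehaves even before any data is read back; with the bound parameter the same string is just an odd-looking redirect source. The export prefix is the usual mitigation for formula injection, with the caveat that it also quotes legitimate negative numbers, so apply it to text columns rather than numeric ones.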
wordpress — wordpress Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to export all event data, in CSV or XML format for example. 2021-03-18 not yet calculated CVE-2021-24146
CONFIRM
wordpress — wordpress Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting payload in them, which will be triggered in the frontend when viewing the event. 2021-03-18 not yet calculated CVE-2021-24147
CONFIRM
wowonder — wowonder In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter. 2021-03-18 not yet calculated CVE-2021-26935
MISC
MISC
wrongthink — wrongthink Wrongthink is a peer-to-peer, end-to-end encrypted messenger built with PeerJS and the Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated: it was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally, there was inadequate encryption strength due to the use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0. 2021-03-19 not yet calculated CVE-2021-21387
CONFIRM
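The wrongthink entry describes a safety number that depended on only one party's public key. A safety number exists so that two users can compare a short string out of band and detect that one of their identity keys was substituted; if the other key never enters the computation, a substitution of that key leaves the string unchanged and the comparison proves nothing. The following added example (not wrongthink's code) contrasts that flawed construction with one derived from both public keys in a canonical order, rendered Signal-style as twelve five-digit groups, and also shows a fingerprint that is a function of the public key alone. The domain-separation label, group format and sample keys are this example's own assumptions.

```python
import hashlib


def safety_number_flawed(my_identity_pub: bytes, their_identity_pub: bytes) -> str:
    """The broken shape: only part of one key feeds the value. Substituting the peer's key
    (what an active interceptor does) leaves the displayed number unchanged."""
    return hashlib.sha256(my_identity_pub[:16]).hexdigest()[:30]


def safety_number(pub_a: bytes, pub_b: bytes, version: bytes = b"v1") -> str:
    """Both identity public keys, sorted so each end computes the same string regardless of
    which side it is, hashed under a fixed label and shown as 12 five-digit groups."""
    first, second = sorted((pub_a, pub_b))
    digest = hashlib.sha512(b"safety-number|" + version + b"|" + first + b"|" + second).digest()
    groups = [str(int.from_bytes(digest[i:i + 5], "big") % 100000).zfill(5) for i in range(0, 60, 5)]
    return " ".join(groups)


def key_fingerprint(identity_pub: bytes) -> str:
    """A connection/identity fingerprint must depend on the public key only, so it can be
    shared freely without revealing any bit of the private half."""
    return hashlib.sha256(b"fingerprint|" + identity_pub).hexdigest()[:32]


def same_safety_number(displayed_by_peer: str, pub_self: bytes, pub_peer: bytes) -> bool:
    """What the verification screen does: compare the locally computed value with the one
    the peer reads out over a trusted channel."""
    return displayed_by_peer == safety_number(pub_self, pub_peer)


if __name__ == "__main__":
    # Constructed 32-byte "public keys" standing in for real identity keys.
    alice = bytes(range(0, 32))
    bob = bytes(range(32, 64))
    mallory = bytes(range(64, 96))
    print("flawed, bob    :", safety_number_flawed(alice, bob))
    print("flawed, mallory:", safety_number_flawed(alice, mallory))
    print("fixed, bob     :", safety_number(alice, bob))
    print("fixed, mallory :", safety_number(alice, mallory))
```

The two flawed lines print identically, which is the defect: Alice's screen cannot distinguish a session with Bob from one in which Mallory's key was swapped in. The fixed lines differ, and Bob computing `safety_number(bob, alice)` gets the same string Alice sees.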
zen — cart Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php. 2021-03-19 not yet calculated CVE-2020-6578
MISC
MISC
zoho — manageengine_desktop_central The MPS Agent in Zoho ManageEngine Desktop Central MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM. 2021-03-18 not yet calculated CVE-2020-9367
CONFIRM
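Two entries in this bulletin are DLL hijacking with different preconditions: Utimaco SecurityServer adds PATH entries whose directories are writable by ordinary users, and the Desktop Central MPS Agent loads a DLL by bare name that is not shipped at all, so any writable directory in the search order satisfies the load. The following added example (not code from either vendor or from CISA) models the loader's directory walk so the two cases can be audited: it lists writable search-path directories, resolves where a named DLL would be found, and reports every writable directory an attacker could use before (or in place of) the legitimate copy. The temporary layout is constructed for the demonstration; the DLL name is the one from the Desktop Central entry.

```python
import os
import tempfile


def writable_search_dirs(path_value: str, sep: str = os.pathsep):
    """PATH entries the current user can write to, which are candidate planting locations.
    Note: on Windows os.access only consults the read-only attribute, so confirm with an ACL
    check (icacls) before reporting; an empty entry means 'current directory' and is itself a risk."""
    hits = []
    for entry in path_value.split(sep):
        if entry and os.path.isdir(entry) and os.access(entry, os.W_OK):
            hits.append(entry)
    return hits


def dll_resolution(dll_name: str, search_dirs):
    """First directory in search order that contains dll_name, or None if the DLL is missing
    everywhere (the Desktop Central case)."""
    for d in search_dirs:
        if os.path.isfile(os.path.join(d, dll_name)):
            return d
    return None


def hijack_candidates(dll_name: str, search_dirs):
    """Writable directories searched before the first copy of dll_name is found. If no copy
    exists, every writable directory on the path qualifies."""
    out = []
    for d in search_dirs:
        if os.path.isfile(os.path.join(d, dll_name)):
            break
        if os.path.isdir(d) and os.access(d, os.W_OK):
            out.append(d)
    return out


def audit_demo():
    """Constructed layout: a 'user' directory that is writable and searched first, and a
    'system' directory standing in for the product's install location."""
    root = tempfile.mkdtemp(prefix="dllaudit-")
    user_dir = os.path.join(root, "user")
    sys_dir = os.path.join(root, "system")
    os.mkdir(user_dir)
    os.mkdir(sys_dir)
    search = [user_dir, sys_dir]
    results = {}
    # Case 1: the DLL is missing everywhere, so every writable search directory is usable.
    results["missing"] = [os.path.basename(d) for d in hijack_candidates("CSUNSAPI.dll", search)]
    # Case 2: a legitimate copy exists in the system directory, but a writable directory precedes it.
    open(os.path.join(sys_dir, "CSUNSAPI.dll"), "wb").close()
    results["shadowed"] = [os.path.basename(d) for d in hijack_candidates("CSUNSAPI.dll", search)]
    results["resolved_in"] = os.path.basename(dll_resolution("CSUNSAPI.dll", search))
    results["writable_on_path"] = [os.path.basename(d) for d in writable_search_dirs(os.pathsep.join(search))]
    return results


if __name__ == "__main__":
    for k, v in audit_demo().items():
        print(f"{k}: {v}")
```

On a real host, pass `os.environ["PATH"]` to `writable_search_dirs` and the directory order the process actually uses (application directory first, then system directories, then PATH) to `hijack_candidates`; a non-empty result for a binary that runs as SYSTEM is the condition both advisories describe.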
zoom — zoom Zoom through 5.5.4 sometimes allows attackers to read private information on a participant’s screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue. 2021-03-18 not yet calculated CVE-2021-28133
FULLDISC
MISC
MISC
MISC
MISC
MISC
zyxel — lte4506-m606_v1.00_devices The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network. 2021-03-16 not yet calculated CVE-2020-28899
CONFIRM

Using CHIRP to Detect Post-Compromise Threat Activity in On-Premises Environments

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

03/18/2021 10:53 AM EDT
Original release date: March 18, 2021

CISA Hunt and Incident Response Program (CHIRP) is a new forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with the SolarWinds and Active Directory/M365 Compromise. CHIRP is freely available on the CISA GitHub repository.

Similar to the CISA-developed Sparrow tool—which scans for signs of APT compromise within an M365 or Azure environment—CHIRP scans for signs of APT compromise within an on-premises environment.

CISA Alert AA21-077A: Detecting Post-Compromise Threat Activity using the CHIRP IOC Detection Tool provides guidance on using the new tool. This Alert is a companion to AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations and AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud. For additional guidance watch CISA’s CHIRP Overview video.

CISA encourages users and administrators to review the Alert for more information. For more technical information on the SolarWinds Orion supply chain compromise, see CISA's Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise web page. For general information on CISA's response to the supply chain compromise, refer to cisa.gov/supply-chain-compromise.

AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

03/18/2021 02:00 PM EDT
Original release date: March 18, 2021

Summary

This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts:

  • AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
  • AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud

Similar to Sparrow—which scans for signs of APT compromise within an M365 or Azure environment—CHIRP scans for signs of APT compromise within an on-premises environment.

In this release, CHIRP, by default, searches for IOCs associated with malicious activity detailed in AA20-352A and AA21-008A that has spilled into an on-premises enterprise environment.

CHIRP is freely available on the CISA GitHub Repository. Note: CISA will continue to release plugins and IOC packages for new threats via the CISA GitHub Repository.

CISA advises organizations to use CHIRP to:

  • Examine Windows event logs for artifacts associated with this activity;
  • Examine Windows Registry for evidence of intrusion;
  • Query Windows network artifacts; and
  • Apply YARA rules to detect malware, backdoors, or implants.

Network defenders should review and confirm any post-compromise threat activity detected by the tool. CISA has provided confidence scores for each IOC and YARA rule included with CHIRP’s release. For confirmed positive hits, CISA recommends collecting a forensic image of the relevant system(s) and conducting a forensic analysis on the system(s).

If an organization does not have the capability to follow the guidance in this Alert, consider soliciting third-party IT security support. Note: Responding to confirmed positive hits is essential to evict an adversary from a compromised network.

Click here for a PDF version of this report.

Technical Details

How CHIRP Works

CHIRP is a command-line executable with a dynamic plugin and indicator system to search for signs of compromise. CHIRP has plugins to search through event logs and registry keys and run YARA rules to scan for signs of APT tactics, techniques, and procedures. CHIRP also has a YAML file that contains a list of IOCs that CISA associates with the malware and APT activity detailed in CISA Alerts AA20-352A and AA21-008A.

Currently, the tool looks for:

  • The presence of malware identified by security researchers as TEARDROP and RAINDROP;
  • Credential dumping certificate pulls;
  • Certain persistence mechanisms identified as associated with this campaign;
  • System, network, and M365 enumeration; and
  • Known observable indicators of lateral movement.

Network defenders can follow step-by-step instructions on the CISA CHIRP GitHub repository to add additional IOCs, YARA rules, or plugins to CHIRP to search for post-compromise threat activity related to the SolarWinds Orion supply chain compromise or new threat activity.

Compatibility

CHIRP currently only scans Windows operating systems.

Instructions

CHIRP is available on CISA’s GitHub repository in two forms:

  1. A compiled executable
  2. A python script

CISA recommends using the compiled version to easily scan a system for APT activity. For instructions to run, read the README.md in the CHIRP GitHub repository.

If you choose to use the native Python version, see the detailed instructions on the CHIRP GitHub repository.

Mitigations

Interpreting the Results

CHIRP provides results of its scan in JSON format. CISA encourages uploading the results into a security information and event management (SIEM) system, if available. If no SIEM system is available, results can be viewed in a compatible web browser or text editor. If CHIRP detects any post-compromise threat activity, those detections should be reviewed and confirmed. CISA has provided confidence scores for each IOC and YARA rule included with CHIRP’s release. For confirmed positive hits, CISA recommends collecting a forensic image of the relevant system(s) and conducting a forensic analysis on the system(s).

If you do not have the capability to follow the guidance in this Alert, consider soliciting third-party IT security support. Note: Responding to confirmed positive hits is essential to evict an adversary from a compromised network.
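CHIRP writes its findings as JSON and the Alert asks defenders to ingest them into a SIEM, review them against the confidence score attached to each IOC and YARA rule, and image any host with a confirmed hit. The following is an added example (not CHIRP's own code or output) of a small triage step between those two points: it loads a results file, keeps hits at or above a confidence floor, lists the hosts to image ordered by hit count, and re-emits the hits one JSON object per line for a SIEM file collector. The Alert does not reproduce CHIRP's JSON layout, so the field names (host, plugin, indicator, confidence, detail) and the sample records are this example's assumptions to be mapped onto the real file.

```python
import json
from collections import Counter

CONFIDENCE_RANK = {"high": 3, "medium": 2, "low": 1}

# Constructed sample results in the shape this script expects; every value is illustrative.
SAMPLE_RESULTS = json.dumps([
    {"host": "dc01", "plugin": "yara", "indicator": "yara:teardrop-loader", "confidence": "high",
     "detail": {"path": "C:\\ProgramData\\sample.dll"}},
    {"host": "ws17", "plugin": "registry", "indicator": "persistence:scheduled-task", "confidence": "medium",
     "detail": {"key": "HKLM\\SOFTWARE\\Example\\Task"}},
    {"host": "ws17", "plugin": "network", "indicator": "enumeration:dns-query", "confidence": "low",
     "detail": {"query": "example.internal"}},
    {"host": "ws17", "plugin": "events", "indicator": "lateral-movement:network-logon", "confidence": "high",
     "detail": {"event_id": 4624, "logon_type": 3}},
])


def load_results(text: str):
    """Accept either a bare list of hits or an object wrapping them under 'results'."""
    data = json.loads(text)
    if isinstance(data, dict):
        data = data.get("results", [])
    return [r for r in data if isinstance(r, dict)]


def confidence_rank(record) -> int:
    return CONFIDENCE_RANK.get(str(record.get("confidence", "")).lower(), 0)


def triage(results, min_confidence: str = "medium"):
    """Hits at or above the floor, highest confidence first, then by host and indicator."""
    floor = CONFIDENCE_RANK[min_confidence]
    hits = [r for r in results if confidence_rank(r) >= floor]
    return sorted(hits, key=lambda r: (-confidence_rank(r), r.get("host", ""), r.get("indicator", "")))


def hosts_to_image(hits):
    """Hosts with at least one retained hit, most hits first: the image-and-analyse list."""
    return Counter(r.get("host", "unknown") for r in hits).most_common()


def to_ndjson(hits, source: str = "chirp") -> str:
    """One JSON object per line, tagged with its origin, for a SIEM file or syslog collector."""
    return "\n".join(json.dumps({"source": source, **r}, sort_keys=True) for r in hits)


if __name__ == "__main__":
    hits = triage(load_results(SAMPLE_RESULTS))
    print("hosts to image:", hosts_to_image(hits))
    print(to_ndjson(hits))
```

Low-confidence hits are not discarded by this step, only filtered from the first pass; keep the full file, since a low-confidence indicator on a host that also has a high-confidence one is exactly the context an analyst wants during the forensic review the Alert calls for.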

Frequently Asked Questions

  1. What systems should CHIRP run on? Systems running SolarWinds Orion or believed to be involved in any resulting lateral movement.
  2. What should I do with results? Ingest the JSON results into a SIEM system, or review them in a web browser or text editor.
  3. Are there existing tools that CHIRP complements and/or provide the same benefit as CHIRP?
    1. Antivirus software developers may have begun to roll out detections for the SolarWinds post-compromise activity. However, those products can miss historical signs of compromise. CHIRP can provide a complementary benefit to antivirus when run.
    2. CISA previously released the Sparrow tool that scans for APT activity within M365 and Azure environments related to activity detailed in CISA Alerts AA20-352A and AA21-008A. CHIRP provides a complementary capability to Sparrow by scanning on-premises systems for similar activity.
  4. How often should I run CHIRP? CHIRP can be run once or routinely. Currently, CHIRP does not provide a mechanism to run repeatedly in its native format.
  5. Do I need to configure the tool before I run it? No.
  6. Will CHIRP change or affect anything on the system(s) it runs on? No, CHIRP only scans the system(s) it runs on and makes no active changes.
  7. How long will it take to run CHIRP? CHIRP will complete its scan in approximately 1 to 2 hours. Duration will be dependent on the level of activity, the system, and the size of the resident data sets. CHIRP will provide periodic progress updates as it runs.
  8. If I have questions, who do I contact? For general questions regarding CHIRP, please contact CISA via email at central@cisa.dhs.gov or by phone at 1-888-282-0870. For reporting indicators of potential compromise, contact us by submitting a report through our website at https://us-cert.cisa.gov/report. For all technical issues or support for CHIRP, please submit issues at the CISA CHIRP GitHub Repository.

Revisions

  • March 18, 2021: Initial Publication

Cisco Releases Security Updates

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

03/18/2021 11:25 AM EDT
Original release date: March 18, 2021

Cisco has released security updates to address a vulnerability in Cisco Small Business routers. A remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-rv-132w134w-overflow-Pptt4H2p and apply the necessary updates.

TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

03/17/2021 11:29 AM EDT
Original release date: March 17, 2021

CISA has released a table of tactics, techniques, and procedures (TTPs) used by the advanced persistent threat (APT) actor involved with the recent SolarWinds and Active Directory/M365 compromise. The table uses the MITRE ATT&CK framework to identify APT TTPs and includes detection recommendations. This information will assist network defenders in detecting and responding to this activity.

CISA encourages network defenders to review SolarWinds and AD/M365 Compromise: Detecting APT Activity from Known TTPs and implement the recommendations. CISA also recommends network defenders review the following resources regarding this incident:

CISA-FBI Joint Advisory on TrickBot Malware

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

03/17/2021 10:58 AM EDT
Original release date: March 17, 2021

CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware. A sophisticated group of cyber criminals are using phishing emails claiming to contain proof of traffic violations to lure victims into downloading TrickBot. TrickBot is a highly modular, multi-stage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities.

To secure against TrickBot, CISA and the FBI recommend users and administrators review AA21-076A: TrickBot Malware as well as CISA’s Fact Sheet: TrickBot Malware for guidance on implementing specific mitigation measures to protect against this activity.

Microsoft Releases Exchange On-premises Mitigation Tool

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

03/16/2021 08:19 PM EDT
Original release date: March 16, 2021

Microsoft has released the Exchange On-premises Mitigation Tool (EOMT.ps1) that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: “[the tool is intended] to help customers who do not have dedicated security or IT teams to apply these security updates. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments. This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.” CISA recommends users review the EOMT.ps1 blog post for directions on using the tool.

CISA encourages users and administrators to review the following resources for more information.

Vulnerability Summary for the Week of March 8, 2021

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

03/15/2021 07:25 AM EDT
Original release date: March 15, 2021

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
arubanetworks — airwave A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. 2021-03-05 9 CVE-2021-26962
MISC
arubanetworks — airwave A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. 2021-03-05 9 CVE-2021-26963
MISC
deutschepost — mailoptimizer Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution. 2021-03-05 8.3 CVE-2021-28042
MISC
MISC
drweb — security_space Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate. 2021-03-08 7.2 CVE-2020-23967
MISC
MISC
MISC
google — android In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-175116439 2021-03-10 7.2 CVE-2021-0455
MISC
google — android In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-175117047 2021-03-10 7.2 CVE-2021-0454
MISC
madge_project — madge This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function. 2021-03-09 7.5 CVE-2021-23352
MISC
MISC
MISC
microsoft — windows_10 Windows Hyper-V Remote Code Execution Vulnerability 2021-03-11 7.2 CVE-2021-26867
MISC
microsoft — windows_10 Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26875, CVE-2021-26900, CVE-2021-27077. 2021-03-11 7.2 CVE-2021-26863
MISC
MISC
microsoft — windows_10 Windows Installer Elevation of Privilege Vulnerability 2021-03-11 7.2 CVE-2021-26862
MISC
microsoft — windows_server_2008 Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26895, CVE-2021-26897. 2021-03-11 10 CVE-2021-26894
MISC
microsoft — windows_server_2008 Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897. 2021-03-11 7.5 CVE-2021-26893
MISC
nano_arena_project — nano_arena An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free. 2021-03-05 7.5 CVE-2021-28032
MISC
newlib_project — newlib A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow. 2021-03-05 7.5 CVE-2021-3420
MISC
FEDORA
FEDORA
openbsd — openssh ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. 2021-03-05 7.5 CVE-2021-28041
MISC
MISC
MISC
MISC
sfcyazilim — sonlogger SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file. 2021-03-05 7.5 CVE-2021-27964
MISC
MISC
spnego_http_authentication_module_project — spnego_http_authentication_module In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of spnego-http-auth-nginx-module. As a workaround, one may disable basic authentication. 2021-03-08 7.5 CVE-2021-21335
MISC
MISC
CONFIRM
thedaylightstudio — fuel_cms FUEL CMS 1.4.8 allows SQL injection via the ‘fuel_replace_id’ parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 2021-03-10 7.5 CVE-2020-24791
MISC
MISC
MISC
totvs — fluig The TOTVS Fluig platform allows path traversal through the parameter “file = .. /” encoded in base64. This affects all versions: Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4. 2021-03-05 7.8 CVE-2020-29134
MISC
MISC
MISC
xmlhttprequest_project — xmlhttprequest This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run. 2021-03-05 7.5 CVE-2020-28502
MISC
MISC
MISC
MISC
MISC
zohocorp — manageengine_applications_control_plus Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation. 2021-03-05 7.5 CVE-2020-29658
MISC


Medium Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
afterlogic — aurora An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password). 2021-03-07 5 CVE-2021-26294
MISC
ansi_up_project — ansi_up The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0. 2021-03-05 4.3 CVE-2021-3377
MISC
MISC
arubanetworks — airwave A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-based management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system, leading to partial system compromise. 2021-03-05 6.5 CVE-2021-26970
MISC
arubanetworks — airwave A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface. 2021-03-05 4.3 CVE-2021-26967
MISC
arubanetworks — airwave A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-based management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system, leading to partial system compromise. 2021-03-05 6.5 CVE-2021-26971
MISC
arubanetworks — airwave A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. 2021-03-05 6.8 CVE-2021-26961
MISC
arubanetworks — airwave A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. 2021-03-05 6.8 CVE-2021-26960
MISC
arubanetworks — airwave A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. 2021-03-05 5.5 CVE-2021-26964
MISC
arubanetworks — airwave A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. 2021-03-05 5.5 CVE-2021-26965
MISC
arubanetworks — airwave A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. 2021-03-05 5.5 CVE-2021-26966
MISC
arubanetworks — airwave A remote authenticated XML external entity (XXE) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities, a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. 2021-03-05 5.5 CVE-2021-26969
MISC
dell — emc_powerscale_onefs PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privilege escalation. 2021-03-08 4.6 CVE-2021-21503
MISC
dell — emc_powerscale_onefs PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An unauthenticated user with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privilege escalation. 2021-03-08 6.5 CVE-2021-21506
MISC
dell — idrac8_firmware Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections. 2021-03-08 5.8 CVE-2021-21510
MISC
elastic — elasticsearch A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view. 2021-03-08 4 CVE-2021-22134
MISC
facebook — react-dev-utils react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (i.e., by custom code) is there the potential for command injection. If you’re consuming it from react-scripts then this issue does not affect you. 2021-03-09 6.8 CVE-2021-24033
MISC
CONFIRM
go-proxyproto_project — go-proxyproto The package github.com/pires/go-proxyproto before 0.5.0 is vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in the code, a deliberately malformed V1 header could be used to exhaust memory in a server process using this code – and create a DoS. This can be exploited by sending a stream starting with PROXY and continuing to send data (which does not contain a newline) until the target stops acknowledging. The risk here is small, because only trusted sources should be allowed to send proxy protocol headers. 2021-03-08 4 CVE-2021-23351
MISC
MISC
MISC
MISC
google — android In deletePackageVersionedInternal of PackageManagerService.java, there is a possible way to exit Screen Pinning due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-135604684 2021-03-10 4.6 CVE-2020-0025
MISC
google — android In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174047735 2021-03-10 4.6 CVE-2021-0372
MISC
google — android In onReceive of DcTracker.java, there is a possible way to trigger a provisioning URL and modify other telephony settings due to a missing permission check. This could lead to local escalation of privilege during the onboarding flow with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172459128 2021-03-10 4.6 CVE-2021-0380
MISC
google — android In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172584372 2021-03-10 4.6 CVE-2021-0385
MISC
google — android In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-162741489 2021-03-10 4.6 CVE-2021-0388
MISC
google — android In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-168039904 2021-03-10 4.6 CVE-2021-0389
MISC
google — android In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-175124730 2021-03-10 4.6 CVE-2021-0392
MISC
google — android In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-170315126 2021-03-10 4.6 CVE-2021-0395
MISC
google — android In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154076193 2021-03-10 4.3 CVE-2021-0378
MISC
google — android In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154075955 2021-03-10 4.3 CVE-2021-0379
MISC
google — android In read_and_discard_scanlines of jdapistd.c, there is a possible null pointer exception due to a missing NULL check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-173702583 2021-03-10 4.3 CVE-2021-0384
MISC
google — android In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-160871056 2021-03-10 4.6 CVE-2021-0383
MISC
google — android In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169421939 2021-03-10 6.9 CVE-2021-0387
MISC
google — android In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-168041375 2021-03-10 6.8 CVE-2021-0393
MISC
google — android In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-173421110 2021-03-10 6.8 CVE-2021-0386
MISC
google — android In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-172841550 2021-03-10 6.8 CVE-2021-0391
MISC
google — chrome Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21180
MISC
MISC
google — chrome Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21165
MISC
MISC
google — chrome Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21166
MISC
MISC
google — chrome Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21177
MISC
MISC
google — chrome Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21176
MISC
MISC
google — chrome Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21167
MISC
MISC
google — chrome Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21175
MISC
MISC
google — chrome Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21173
MISC
MISC
google — chrome Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21171
MISC
MISC
google — chrome Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21170
MISC
MISC
google — chrome Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21162
MISC
MISC
google — chrome Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21168
MISC
MISC
google — chrome Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21164
MISC
MISC
google — chrome Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. 2021-03-09 6.8 CVE-2021-21190
MISC
MISC
google — chrome Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. 2021-03-09 4.3 CVE-2021-21163
MISC
MISC
google — chrome Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21169
MISC
MISC
google — chrome Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21174
MISC
MISC
google — chrome Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21188
MISC
MISC
google — chrome Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21178
MISC
MISC
google — chrome Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21161
MISC
MISC
google — chrome Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21179
MISC
MISC
google — chrome Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension. 2021-03-09 4.3 CVE-2021-21185
MISC
MISC
google — chrome Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21160
MISC
MISC
google — chrome Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21189
MISC
MISC
google — chrome Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-03-09 6.8 CVE-2021-21159
MISC
MISC
google — chrome Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2021-03-09 4.3 CVE-2021-21187
MISC
MISC
google — chrome Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21181
MISC
MISC
google — chrome Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code. 2021-03-09 4.3 CVE-2021-21186
MISC
MISC
google — chrome Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21184
MISC
MISC
google — chrome Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21183
MISC
MISC
google — chrome Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. 2021-03-09 5.8 CVE-2021-21172
MISC
MISC
google — chrome Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. 2021-03-09 4.3 CVE-2021-21182
MISC
MISC
ibm — api_connect IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105. 2021-03-08 6.4 CVE-2020-4903
XF
CONFIRM
ibm — api_connect IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality. 2021-03-08 5 CVE-2020-4695
XF
CONFIRM
ibm — cloud_pak_for_multicloud_management_monitoring IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513. 2021-03-09 5 CVE-2021-20341
XF
CONFIRM
identitymodel_project — identitymodel An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens. 2021-03-05 5 CVE-2020-36255
MISC
MISC
MISC
imagemagick — imagemagick A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. 2021-03-09 4.3 CVE-2021-20241
MISC
MISC
imagemagick — imagemagick A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. 2021-03-09 4.3 CVE-2021-20243
MISC
MISC
inetsoftware — i-net_clear_reports The I-Net Software Clear Reports 20.10.136 web application accepts user-controlled input that specifies a link to an external site, and uses the user-supplied data in a redirect. 2021-03-09 5.8 CVE-2020-28150
MISC
jpeg — jpeg-xl jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicious jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service. 2021-03-05 6.8 CVE-2021-28026
MISC
libtiff — libtiff In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. 2021-03-09 4.3 CVE-2020-35522
MISC
libtiff — libtiff A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. 2021-03-09 4.3 CVE-2020-35521
MISC
linux — linux_kernel A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-03-09 4.6 CVE-2021-3411
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. 2021-03-05 4.9 CVE-2021-28038
MLIST
MISC
MLIST
mantisbt — mantisbt An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user’s cookie to log in as them. 2021-03-07 5.5 CVE-2009-20001
MISC
MISC
maxum — rumpus Maxum Rumpus 8.2.13 and 8.2.14 are affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user. 2021-03-08 6.8 CVE-2020-27574
MISC
MISC
maxum — rumpus Maxum Rumpus 8.2.13 and 8.2.14 are affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation. 2021-03-08 6.5 CVE-2020-27575
MISC
MISC
microsoft — high_efficiency_video_coding HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062. 2021-03-11 6.8 CVE-2021-24089
MISC
microsoft — high_efficiency_video_coding HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062. 2021-03-11 6.8 CVE-2021-24110
MISC
microsoft — high_efficiency_video_coding HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062. 2021-03-11 6.8 CVE-2021-26902
MISC
microsoft — high_efficiency_video_coding HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062. 2021-03-11 6.8 CVE-2021-27047
MISC
microsoft — high_efficiency_video_coding HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062. 2021-03-11 6.8 CVE-2021-27048
MISC
microsoft — high_efficiency_video_coding HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062. 2021-03-11 6.8 CVE-2021-27049
MISC
microsoft — high_efficiency_video_coding HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27061, CVE-2021-27062. 2021-03-11 6.8 CVE-2021-27051
MISC
microsoft — high_efficiency_video_coding HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061. 2021-03-11 6.8 CVE-2021-27062
MISC
microsoft — high_efficiency_video_coding HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27062. 2021-03-11 6.8 CVE-2021-27061
MISC
microsoft — high_efficiency_video_coding HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062. 2021-03-11 6.8 CVE-2021-27050
MISC
microsoft — windows_10 Windows Container Execution Agent Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26865. 2021-03-11 4.6 CVE-2021-26891
MISC
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1640. 2021-03-11 4.6 CVE-2021-26878
MISC
microsoft — windows_10 Application Virtualization Remote Code Execution Vulnerability 2021-03-11 4.6 CVE-2021-26890
MISC
microsoft — windows_10 Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability 2021-03-11 4.6 CVE-2021-26887
MISC
microsoft — windows_10 Microsoft Windows Media Foundation Remote Code Execution Vulnerability 2021-03-11 6.5 CVE-2021-26881
MISC
microsoft — windows_10 Windows Update Stack Elevation of Privilege Vulnerability 2021-03-11 4.6 CVE-2021-26889
MISC
microsoft — windows_10 Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26871. 2021-03-11 4.6 CVE-2021-26885
MISC
microsoft — windows_10 Remote Access API Elevation of Privilege Vulnerability 2021-03-11 4.6 CVE-2021-26882
MISC
microsoft — windows_10 Storage Spaces Controller Elevation of Privilege Vulnerability 2021-03-11 4.6 CVE-2021-26880
MISC
microsoft — windows_10 Windows Update Service Elevation of Privilege Vulnerability 2021-03-11 4.6 CVE-2021-26866
MISC
microsoft — windows_10 Windows Container Execution Agent Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26891. 2021-03-11 4.6 CVE-2021-26865
MISC
microsoft — windows_10 Windows Virtual Registry Provider Elevation of Privilege Vulnerability 2021-03-11 4.6 CVE-2021-26864
MISC
microsoft — windows_10 Windows NAT Denial of Service Vulnerability 2021-03-11 5 CVE-2021-26879
MISC
microsoft — windows_10 Windows Graphics Component Remote Code Execution Vulnerability 2021-03-11 6.8 CVE-2021-26861
MISC
minio — minio MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary ‘mc share upload’ URL. Everyone is impacted who uses MinIO multi-users. This is fixed in version RELEASE.2021-03-04T00-53-13Z. As a workaround, one can disable uploads with `Content-Type: multipart/form-data` as mentioned in the S3 API RESTObjectPOST docs by using a proxy in front of MinIO. 2021-03-08 4 CVE-2021-21362
MISC
MISC
MISC
CONFIRM
mozilla — pollbot Pollbot is open source software which “frees its human masters from the toilsome task of polling for the state of things during the Firefox release process.” In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of “https://pollbot.services.mozilla.com/”. An attacker can redirect anyone to malicious sites. To Reproduce type in this URL: “https://pollbot.services.mozilla.com//evil.com/”. Affected versions will redirect to that website when you inject a payload like “//evil.com/”. This is fixed in version 1.4.4. 2021-03-08 5.8 CVE-2021-21354
MISC
MISC
MISC
MISC
MISC
CONFIRM
nats — nats_server This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git. 2021-03-07 5 CVE-2020-28466
MISC
MISC
oryx-embedded — cyclonetcp Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected by incorrect input validation, which may cause a denial of service (DoS). To exploit the vulnerability, an attacker needs to have TCP connectivity to the target system. Receiving a maliciously crafted TCP packet from an unauthenticated endpoint is sufficient to trigger the bug. 2021-03-08 5 CVE-2021-26788
MISC
ossec — ossec An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because _ReadElem recurses once per nesting level without any depth limit, an attacker can trigger a segmentation fault once the stack grows into unmapped memory. 2021-03-05 5 CVE-2021-28040
MISC
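The OSSEC entry above describes the classic failure mode of a recursive-descent reader: recursion depth equals input nesting depth, so the attacker controls stack usage. The following is an added example, not OSSEC's os_xml.c, showing a minimal tag-only element reader with the kind of depth cap that closes the hole. The MAX_DEPTH value and the sample documents are constructed for the example; the reader does not validate tag names or attributes, which is beside the point here.

```javascript
// Added example (not OSSEC code): a recursive element reader for a tag-only
// XML subset such as "<a><b></b></a>", with an explicit nesting limit.
const MAX_DEPTH = 64; // assumed cap for the example; tune to the real schema

// Recursively reads sibling elements starting at `pos`. Each nesting level
// costs one stack frame, so without `limit` an attacker-supplied document of
// tens of thousands of "<a>" prefixes exhausts the stack.
function readElements(input, pos, depth, limit) {
  if (depth > limit) throw new RangeError(`nesting deeper than ${limit}`);
  const children = [];
  while (pos < input.length) {
    if (input.startsWith("</", pos)) {
      if (depth === 0) throw new SyntaxError(`stray closing tag at ${pos}`);
      const end = input.indexOf(">", pos);
      if (end < 0) throw new SyntaxError("unterminated closing tag");
      return { children, next: end + 1 };
    }
    if (input[pos] !== "<") throw new SyntaxError(`unexpected char at ${pos}`);
    const end = input.indexOf(">", pos);
    if (end < 0) throw new SyntaxError("unterminated opening tag");
    const name = input.slice(pos + 1, end);
    // Descend one level: this is the only place depth grows.
    const sub = readElements(input, end + 1, depth + 1, limit);
    children.push({ name, children: sub.children });
    pos = sub.next;
  }
  return { children, next: pos };
}

// Public entry point. Passing Infinity reproduces the unbounded behaviour.
function parseXml(input, maxDepth = MAX_DEPTH) {
  return readElements(input, 0, 0, maxDepth).children;
}

// Builds a document nested `n` levels deep and reports how parsing ended:
// "ok", "limit" (rejected by our cap) or "stack" (the engine's own stack
// overflow, the JavaScript analogue of the segfault in the advisory).
function outcomeForNesting(n, maxDepth) {
  const doc = "<a>".repeat(n) + "</a>".repeat(n);
  try {
    parseXml(doc, maxDepth);
    return "ok";
  } catch (e) {
    if (e instanceof RangeError && /nesting deeper/.test(e.message)) return "limit";
    if (e instanceof RangeError) return "stack";
    throw e;
  }
}
```

With the cap in place a hostile document is rejected with a clear error at a predictable cost; with `Infinity` the same reader runs until the engine's stack limit, which is exactly the uncontrolled recursion the entry describes.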
ougc_feedback_project — ougc_feedback The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation. 2021-03-09 4.3 CVE-2021-28115
MISC
MISC
privoxy — privoxy A flaw was found in privoxy before 3.0.32. An invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. 2021-03-09 5 CVE-2021-20275
MISC
MLIST
MISC
privoxy — privoxy A flaw was found in privoxy before 3.0.32. A crash may occur due to a NULL-pointer dereference when the socks server misbehaves. 2021-03-09 5 CVE-2021-20274
MISC
MISC
privoxy — privoxy A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. 2021-03-09 5 CVE-2021-20273
MISC
MLIST
MISC
privoxy — privoxy A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. 2021-03-09 5 CVE-2021-20272
MISC
MLIST
MISC
privoxy — privoxy A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. 2021-03-09 5 CVE-2021-20276
MISC
MLIST
MISC
rancher — rancher An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher versions prior to 2.5.6. 2021-03-05 4.3 CVE-2021-25313
CONFIRM
CONFIRM
CONFIRM
ratcf — ratcf RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b. 2021-03-08 6.8 CVE-2021-21329
MISC
MISC
CONFIRM
sap — 3d_visual_enterprise_viewer When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-09 4.3 CVE-2021-27592
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-09 4.3 CVE-2021-27591
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-09 4.3 CVE-2021-27590
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-09 4.3 CVE-2021-27589
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-09 4.3 CVE-2021-27588
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-09 4.3 CVE-2021-27587
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-09 4.3 CVE-2021-27586
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-09 4.3 CVE-2021-27585
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-03-09 4.3 CVE-2021-27584
MISC
MISC
secomea — gatemanager_8250_firmware Upload of Code Without Integrity Check vulnerability in the firmware archive of Secomea GateManager allows an authenticated attacker to execute malicious code on the server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022. 2021-03-05 6.5 CVE-2020-29032
MISC
MISC
secomea — gatemanager_firmware Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. 2021-03-05 4.3 CVE-2020-29028
MISC
secomea — gatemanager_firmware Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4. 2021-03-05 6.8 CVE-2020-29030
MISC
secomea — gatemanager_firmware Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. 2021-03-05 4.3 CVE-2020-29029
MISC
secomea — sitemanager_firmware Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. 2021-03-05 6.5 CVE-2020-29020
MISC
sfcyazilim — sonlogger SonLogger before 6.4.1 allows unauthenticated user creation with any user permissions profile (e.g., SuperAdmin): an anonymous user can send a POST request to /User/saveUser without any authentication or session header. 2021-03-05 6.4 CVE-2021-27963
MISC
MISC
squarebox — catdv An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within the application, such as disclosing password hashes. 2021-03-05 6.4 CVE-2021-26705
MISC
squid-cache — squid Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. 2021-03-09 4.3 CVE-2021-28116
MISC
MISC
MISC
thedaylightstudio — fuel_cms An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via the “id” and “fuel_id” parameters. 2021-03-10 6.5 CVE-2020-23722
MISC
thedaylightstudio — fuel_cms FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3. 2021-03-10 4.3 CVE-2020-28705
MISC
MISC
wazuh — wazuh Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via the /manager/files URI. A user authenticated to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script. 2021-03-06 6.5 CVE-2021-26814
MISC
MISC
web_based_quiz_system_project — web_based_quiz_system Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter. 2021-03-09 4.3 CVE-2021-28006
MISC
zohocorp — manageengine_admanager_plus Zoho ManageEngine ADManager Plus before 7066 allows XSS. 2021-03-05 4.3 CVE-2020-35594
MISC
zohocorp — manageengine_desktop_central Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. 2021-03-05 6.4 CVE-2020-28050
CONFIRM
CONFIRM
zope — products.genericsetup Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability – anonymous visitors may view log and snapshot files generated by the Generic Setup Tool. The problem has been fixed in version 2.1.1. Depending on how you have installed Products.GenericSetup, you should change the buildout version pin to 2.1.1 and re-run the buildout, or if you used pip simply do `pip install "Products.GenericSetup>=2.1.1"`. 2021-03-09 5 CVE-2021-21360
MISC
CONFIRM
MISC
zope — products.pluggableauthservice Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability – everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install "Products.PluggableAuthService>=2.6.0"`. 2021-03-08 4 CVE-2021-21336
MISC
CONFIRM
MISC
zope — products.pluggableauthservice Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.1 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a different website. The problem has been fixed in version 2.6.1. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to `2.6.1` and re-run the buildout, or if you used `pip` simply do `pip install "Products.PluggableAuthService>=2.6.1"`. 2021-03-08 5.8 CVE-2021-21337
MISC
CONFIRM
MISC
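Both the Pollbot entry (CVE-2021-21354, redirect via a path of `//evil.com/`) and the PluggableAuthService login-form entry (CVE-2021-21337) are open redirects of the same shape: a "return to" value is trusted because it looks like a local path. The following is an added example, not code from either project, contrasting the naive "starts with a slash" test with a check that resolves the target the way a browser would and insists the result stays on the site's own origin. The origin `https://app.example.test` is an assumption made up for the example.

```javascript
// Added example (not Pollbot or PluggableAuthService code): validating a
// post-login redirect target. OUR_ORIGIN is an assumed value for the demo.
const OUR_ORIGIN = "https://app.example.test";

// The check that produces the bug class above: "//evil.com/" starts with "/"
// but browsers treat it as a protocol-relative URL to another host.
function naiveIsLocal(target) {
  return target.startsWith("/");
}

// Hardened check: resolve the candidate against our own origin with the WHATWG
// URL parser (the same rules the browser applies), then require the resolved
// origin to be ours. Returns a path-only string, or `fallback` when the target
// is missing, unparsable, or would leave the site.
function safeRedirectTarget(target, fallback = "/") {
  if (typeof target !== "string" || target.length === 0) return fallback;
  // Browsers normalise backslashes to slashes for http(s), so "/\evil.com" is
  // "//evil.com" in disguise; normalise first so the parser sees what the
  // browser would see.
  const normalised = target.replace(/\\/g, "/");
  let resolved;
  try {
    resolved = new URL(normalised, OUR_ORIGIN);
  } catch (err) {
    return fallback; // unparsable input is never a valid destination
  }
  if (resolved.origin !== OUR_ORIGIN) return fallback; // covers //host, scheme:, javascript:
  return resolved.pathname + resolved.search + resolved.hash;
}
```

Returning only path, query and fragment matters as much as the origin comparison: even an absolute URL on our own origin is re-emitted as a relative path, so a later layer cannot be tricked by a lookalike host that happened to parse the same way.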


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — oozie There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie’s sharelib during its creation. 2021-03-09 1.9 CVE-2020-35451
MLIST
MISC
MLIST
apache — superset Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing a chart’s related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted actions in the context of the user’s browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable by creating a “div” section and embedding in it a “svg” element with javascript code. 2021-03-05 3.5 CVE-2021-27907
MISC
MLIST
arubanetworks — airwave A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. 2021-03-05 3.5 CVE-2021-26968
MISC
batflat — batflat Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. 2021-03-11 3.5 CVE-2021-27677
MISC
batflat — batflat Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. 2021-03-11 3.5 CVE-2021-27678
MISC
batflat — batflat Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. 2021-03-11 3.5 CVE-2021-27679
MISC
cszcms — csz_cms A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter. 2021-03-10 3.5 CVE-2021-3224
MISC
MISC
google — android In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-140727941 2021-03-10 2.1 CVE-2021-0382
MISC
google — android In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-175117199 2021-03-10 2.1 CVE-2021-0453
MISC
google — android In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-175117261 2021-03-10 2.1 CVE-2021-0452
MISC
google — android In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-175117871 2021-03-10 2.1 CVE-2021-0451
MISC
google — android In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-175117880 2021-03-10 2.1 CVE-2021-0450
MISC
google — android In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-175117965 2021-03-10 2.1 CVE-2021-0449
MISC
google — android In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-172655291 2021-03-10 2.1 CVE-2021-0394
MISC
google — android In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-167261484 2021-03-10 2.1 CVE-2021-0375
MISC
google — android In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153466381 2021-03-10 2.1 CVE-2021-0381
MISC
google — android In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169572641 2021-03-10 2.1 CVE-2021-0374
MISC
impresscms — impresscms Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the “Display Name” field. 2021-03-11 3.5 CVE-2021-28088
MISC
MISC
lenovo — pcmanager A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations. 2021-03-09 2.1 CVE-2020-8357
MISC
linux — linux_kernel An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. 2021-03-05 2.1 CVE-2021-28039
MLIST
MISC
maxum — rumpus Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability. 2021-03-08 3.5 CVE-2020-27576
MISC
MISC
microsoft — windows_10 Windows Media Photo Codec Information Disclosure Vulnerability 2021-03-11 2.1 CVE-2021-26884
MISC
microsoft — windows_10 User Profile Service Denial of Service Vulnerability 2021-03-11 2.1 CVE-2021-26886
MISC
microsoft — windows_10 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability 2021-03-11 2.1 CVE-2021-26892
MISC
obss — time_in_status In the “Time in Status” app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS. 2021-03-08 3.5 CVE-2021-27222
MISC
MISC
MISC
thedaylightstudio — fuel_cms An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english. 2021-03-10 3.5 CVE-2020-23721
MISC
zte — zxhn_h196q_firmware A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2. 2021-03-05 2.7 CVE-2021-21725
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
microsoft — windows Windows App-V Overlay Filter Elevation of Privilege Vulnerability 2021-03-11 not yet calculated CVE-2021-26860
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 not yet calculated CVE-2021-21077
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 not yet calculated CVE-2021-21074
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 not yet calculated CVE-2021-21075
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 not yet calculated CVE-2021-21076
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 not yet calculated CVE-2021-21071
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 not yet calculated CVE-2021-21072
MISC
adobe — animate Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 not yet calculated CVE-2021-21073
MISC
adobe — connect Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account. 2021-03-12 not yet calculated CVE-2021-21085
MISC
adobe — connect Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim’s browser when they browse to the page containing the vulnerable field. 2021-03-12 not yet calculated CVE-2021-21080
MISC
adobe — connect Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim’s browser when they browse to the page containing the vulnerable field. 2021-03-12 not yet calculated CVE-2021-21079
MISC
adobe — creative_cloud_desktop_application Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. 2021-03-12 not yet calculated CVE-2021-21069
MISC
adobe — creative_cloud_desktop_application Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction. 2021-03-12 not yet calculated CVE-2021-21068
MISC
adobe — creative_cloud_desktop_application Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction. 2021-03-12 not yet calculated CVE-2021-21078
MISC
adobe — framemaker Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 not yet calculated CVE-2021-21056
MISC
adobe — photoshop Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 not yet calculated CVE-2021-21082
MISC
adobe — photoshop Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-03-12 not yet calculated CVE-2021-21067
MISC
ansible-tower — ansible-tower A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-03-09 not yet calculated CVE-2021-20253
MISC
apache — velocity An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. 2021-03-10 not yet calculated CVE-2020-13936
MLIST
CONFIRM
MLIST
MLIST
MLIST
apache — velocity_tools The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks. 2021-03-10 not yet calculated CVE-2020-13959
MLIST
CONFIRM
MLIST
MLIST
MLIST
athom — homey_and_homey_pro_devices An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely known key that is designed for testing purposes: “01030507090b0d0f00020406080a0c0d” (the decimal equivalent of 1 3 5 7 9 11 13 15 0 2 4 6 8 10 12 13), which is human generated and static across all issued devices. 2021-03-09 not yet calculated CVE-2020-28952
MISC
MISC
MISC
baby_care_system — baby_care_system Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter. 2021-03-10 not yet calculated CVE-2020-35752
MISC
MISC
MISC
bloomreach — experience_manager An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST transforming annotation such as @Grab. 2021-03-11 not yet calculated CVE-2020-14987
MISC
bloomreach — experience_manager An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript. 2021-03-11 not yet calculated CVE-2020-14988
Source & Patch Info: MISC
bloomreach — experience_manager An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended. 2021-03-11 not yet calculated CVE-2020-14989
Source & Patch Info: MISC
camunda — modeler ** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states “The way we secured the app is that it does not allow any remote scripts to be opened, no unsafe scripts to be evaluated, no remote sites to be browsed.” 2021-03-11 not yet calculated CVE-2021-28154
Source & Patch Info: MISC
changeset — changeset Prototype pollution vulnerability in ‘changeset’ versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution. 2021-03-09 not yet calculated CVE-2021-25915
Source & Patch Info: MISC, MISC
clipper — clipper Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API. 2021-03-11 not yet calculated CVE-2021-28134
Source & Patch Info: MISC, MISC, MISC, MISC
com.bmuschko — com.bmuschko The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0. 2021-03-09 not yet calculated CVE-2021-21361
Source & Patch Info: MISC, MISC, MISC, CONFIRM
containerd — containerd In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd’s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd’s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have a reduced likelihood of being vulnerable to this issue. This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions. 2021-03-10 not yet calculated CVE-2021-21334
Source & Patch Info: MISC, MISC, MISC, CONFIRM, FEDORA, FEDORA
cortex — xsoar An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the ‘/var/log/demisto/’ server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144. 2021-03-10 not yet calculated CVE-2021-3034
Source & Patch Info: CONFIRM
csz — csz CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. 2021-03-11 not yet calculated CVE-2021-26776
Source & Patch Info: MISC
d-link — dir-3060_devices prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely. 2021-03-11 not yet calculated CVE-2021-28144
Source & Patch Info: MISC, FULLDISC, CONFIRM, MISC
d-link — dir-841_devices /jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). 2021-03-11 not yet calculated CVE-2021-28143
Source & Patch Info: MISC, MISC
dell — supportassist Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. 2021-03-12 not yet calculated CVE-2021-21518
Source & Patch Info: CONFIRM
eclipse — platform In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. 2021-03-09 not yet calculated CVE-2020-27225
Source & Patch Info: CONFIRM
eclipse — theia In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected. 2021-03-12 not yet calculated CVE-2021-28161
Source & Patch Info: CONFIRM
eclipse — theia In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run. 2021-03-12 not yet calculated CVE-2021-28162
Source & Patch Info: CONFIRM
emerson — smart_wireless_gateway Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. 2021-03-10 not yet calculated CVE-2020-19419
Source & Patch Info: MISC
emerson — smart_wireless_gateway Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account ‘maint’) to perform administrative tasks by sending specially crafted HTTP requests to the application. 2021-03-10 not yet calculated CVE-2020-19417
Source & Patch Info: MISC
envoy — envoy Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy’s JWT Authentication filter is configured with the `allow_missing` requirement under `requires_any` due to a mistake in implementation. Envoy’s JWT Authentication filter can be configured with the `allow_missing` requirement that will be satisfied if JWT is missing (JwtMissed error) and fail if JWT is presented or invalid. Due to a mistake in implementation, a JwtUnknownIssuer error was mistakenly converted to JwtMissed when `requires_any` was configured. So if `allow_missing` was configured under `requires_any`, an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list. Integrity may be impacted depending on configuration if the JWT token is used to protect against writes or modifications. This regression was introduced on 2020/11/12 in PR 13839 which fixed handling `allow_missing` under RequiresAny in a JwtRequirement (see issue 13458). The AnyVerifier aggregates the children verifiers’ results into a final status where JwtMissing is the default error. However, a JwtUnknownIssuer was mistakenly treated the same as a JwtMissing error and the resulting final aggregation was the default JwtMissing. As a result, `allow_missing` would allow a JWT token with an unknown issuer status. This is fixed in version 1.17.1 by PR 15194. The fix works by preferring JwtUnknownIssuer over a JwtMissing error, fixing the accidental conversion and bypass with `allow_missing`. A user could detect whether a bypass occurred if they have Envoy logs enabled with debug verbosity. Users can enable component level debug logs for JWT. The JWT filter logs will indicate that there is a request with a JWT token and a failure that the JWT token is missing. 2021-03-11 not yet calculated CVE-2021-21378
Source & Patch Info: MISC, MISC, CONFIRM
facebook — gameroom The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0. 2021-03-10 not yet calculated CVE-2021-24030
Source & Patch Info: CONFIRM
flatpak — flatpak Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Flatpak since version 0.9.4 and before version 1.10.2 has a vulnerability in the “file forwarding” feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app’s permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app’s .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit “`Disallow @@ and @@U usage in desktop files`”. The follow-up commits “`dir: Reserve the whole @@ prefix`” and “`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`” are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`. 2021-03-11 not yet calculated CVE-2021-21381
Source & Patch Info: MISC, MISC, MISC, MISC, MISC, CONFIRM, DEBIAN
git — git Git is an open-source distributed revision control system. In affected versions of Git, a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS may cause a just-checked-out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaround, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won’t work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.6. 2021-03-09 not yet calculated CVE-2021-21300
Source & Patch Info: MLIST, MISC, CONFIRM, MISC, MISC, FEDORA, MISC
glpi — glpi GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fixed in version 9.5.4. 2021-03-08 not yet calculated CVE-2021-21326
Source & Patch Info: MISC, CONFIRM
glpi — glpi GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on “Solutions”. This vulnerability gives an unauthorized user the ability to enumerate GLPI item names (including user logins) using the knowbase search form (requires authentication). To reproduce: perform a valid authentication at your GLPI instance, browse the ticket list and select any open ticket, click on the Solution form, then search a solution form, which will redirect you to the endpoint "/glpi/front/knowbaseitem.php?item_itemtype=Ticket&item_items_id=18&forcetab=Knowbase$1". The item_itemtype=Ticket parameter present in the previous URL points to the PHP alias of the glpi_tickets table, so replacing it with “Users” points to the glpi_users table instead; in the same way, item_items_id=18 points to the related column id, so by changing it too you should be able to enumerate all the content which has an alias. Since such id(s) are obviously incremental, a malicious party could exploit the vulnerability simply by guessing-based attempts. 2021-03-08 not yet calculated CVE-2021-21324
Source & Patch Info: MISC, MISC, CONFIRM
glpi — glpi GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a non-authenticated user can remotely instantiate an object of any class existing in the GLPI environment, which can be used to carry out malicious attacks or to start a “POP chain”. As an example of direct impact, this vulnerability affects the integrity of the GLPI core platform and third-party plugins at runtime by misusing classes which implement some sensitive operations in their constructors or destructors. This is fixed in version 9.5.4. 2021-03-08 not yet calculated CVE-2021-21327
Source & Patch Info: MISC, MISC, CONFIRM
glpi — glpi GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be defined by a user. This input is not correctly filtered, which results in a cross-site scripting attack. To exploit this endpoint an attacker needs to be authenticated. This is fixed in version 9.5.4. 2021-03-08 not yet calculated CVE-2021-21325
Source & Patch Info: MISC, CONFIRM
gnome — glib An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) 2021-03-11 not yet calculated CVE-2021-28153
Source & Patch Info: MISC
gnutls — gnutls A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. 2021-03-12 not yet calculated CVE-2021-20232
Source & Patch Info: MISC, MISC
gnutls — gnutls A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. 2021-03-12 not yet calculated CVE-2021-20231
Source & Patch Info: MISC, MISC
go — go archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. 2021-03-11 not yet calculated CVE-2021-27919
Source & Patch Info: MISC
go — go encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. 2021-03-11 not yet calculated CVE-2021-27918
Source & Patch Info: MISC
google — android In DeltaPerformer::Write of delta_performer.cc, there is a possible use of untrusted input due to improper input validation. This could lead to a local bypass of defense in depth protections with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-160800689. 2021-03-10 not yet calculated CVE-2021-0377
Source & Patch Info: MISC
google — android In sound_trigger_event_alloc of platform.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-167663878. 2021-03-10 not yet calculated CVE-2021-0464
Source & Patch Info: MISC
google — android In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-157156744. 2021-03-10 not yet calculated CVE-2021-0458
Source & Patch Info: MISC, MISC
google — android In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-176919394. References: Upstream kernel. 2021-03-10 not yet calculated CVE-2021-0399
Source & Patch Info: MISC
google — android In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-173516292. 2021-03-10 not yet calculated CVE-2021-0398
Source & Patch Info: MISC
google — android In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-160610106. 2021-03-10 not yet calculated CVE-2021-0396
Source & Patch Info: MISC
google — android In fts_driver_test_write of fts_proc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-157154534. 2021-03-10 not yet calculated CVE-2021-0459
Source & Patch Info: MISC, MISC
google — android In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-164440989. 2021-03-10 not yet calculated CVE-2021-0371
Source & Patch Info: MISC
google — android In the FingerTipS touch screen driver, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-157155375. 2021-03-10 not yet calculated CVE-2021-0457
Source & Patch Info: MISC, MISC
google — android In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-115619667. 2021-03-10 not yet calculated CVE-2021-0376
Source & Patch Info: MISC
google — android In GenerateFaceMask of face.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-172005755. 2021-03-10 not yet calculated CVE-2021-0465
Source & Patch Info: MISC
google — android In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-154867068. 2021-03-10 not yet calculated CVE-2021-0463
Source & Patch Info: MISC
google — android In the NXP NFC firmware, there is a possible insecure firmware update due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-168799695. 2021-03-10 not yet calculated CVE-2021-0462
Source & Patch Info: MISC
google — android In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-175124074. 2021-03-10 not yet calculated CVE-2021-0461
Source & Patch Info: MISC
google — android In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-156739245. 2021-03-10 not yet calculated CVE-2021-0460
Source & Patch Info: MISC
google — android In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174769927. 2021-03-10 not yet calculated CVE-2021-0456
Source & Patch Info: MISC
google — android In oggpack_look of bitwise.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169829774. 2021-03-10 not yet calculated CVE-2021-0368
Source & Patch Info: MISC
google — android In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-174052148. 2021-03-10 not yet calculated CVE-2021-0397
Source & Patch Info: MISC
google — android In CrossProfileAppsServiceImpl.java, there is the possibility of an application’s INTERACT_ACROSS_PROFILES grant state not displaying properly in the settings UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-166561076. 2021-03-10 not yet calculated CVE-2021-0369
Source & Patch Info: MISC
google — android In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-174749461. 2021-03-10 not yet calculated CVE-2021-0390
Source & Patch Info: MISC
google — android In Write of NxpMfcReader.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169259605. 2021-03-10 not yet calculated CVE-2021-0370
Source & Patch Info: MISC
hhvm — hhvm The unserialize() function supported a type code, “S”, which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. 2021-03-11 not yet calculated CVE-2020-1899
Source & Patch Info: MISC, CONFIRM
hhvm — hhvm When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. 2021-03-11 not yet calculated CVE-2020-1900
Source & Patch Info: MISC, CONFIRM
hhvm — hhvm An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0. 2021-03-10 not yet calculated CVE-2020-1916
Source & Patch Info: MISC, CONFIRM
hhvm — hhvm xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. 2021-03-10 not yet calculated CVE-2020-1917
Source & Patch Info: MISC, MISC
hhvm — hhvm In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. 2021-03-10 not yet calculated CVE-2020-1918
Source & Patch Info: MISC, MISC
hhvm — hhvm Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. 2021-03-10 not yet calculated CVE-2020-1919
Source & Patch Info: MISC, MISC
hhvm — hhvm Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. 2021-03-10 not yet calculated CVE-2021-24025
Source & Patch Info: MISC, MISC
hhvm — hhvm The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. 2021-03-11 not yet calculated CVE-2020-1898
Source & Patch Info: MISC, CONFIRM
hhvm — hhvm In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. 2021-03-10 not yet calculated CVE-2020-1921
Source & Patch Info: MISC, MISC
hyperledger — besu Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prior to making any requests to an API endpoint the requestor must use the login endpoint to obtain a JSON web token (JWT) using their credentials. A single user can readily overload the login endpoint with invalid requests (incorrect password). As the supplied password is checked for validity on the main vertx event loop and takes a relatively long time this can cause the processing of other valid requests to fail. A valid username is required for this vulnerability to be exposed. This has been fixed in version 1.5.1. 2021-03-09 not yet calculated CVE-2021-21369
Source & Patch Info: MISC, MISC, MISC, CONFIRM
ibm — datapower_gateway IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side request forgery attack. IBM X-Force ID: 193247. 2021-03-08 not yet calculated CVE-2020-5014
Source & Patch Info: XF, CONFIRM
ibm — datapower_gateway IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965. 2021-03-12 not yet calculated CVE-2020-4831
Source & Patch Info: XF, CONFIRM
ibm — db2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469. 2021-03-11 not yet calculated CVE-2020-4976
Source & Patch Info: XF, CONFIRM
ibm — db2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660. 2021-03-11 not yet calculated CVE-2020-5024
Source & Patch Info: XF, CONFIRM
ibm — db2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661. 2021-03-11 not yet calculated CVE-2020-5025
Source & Patch Info: XF, CONFIRM
ibm — spss_modeler_subscription A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation. IBM X-Force ID: 187727. 2021-03-10 not yet calculated CVE-2020-4717
Source & Patch Info: XF, CONFIRM
ibm — tivoli_netcool IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2021-03-11 not yet calculated CVE-2021-20336
Source & Patch Info: XF, CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556. 2021-03-10 not yet calculated CVE-2020-5016
Source & Patch Info: XF, CONFIRM
imagemagick — imagemagick A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. 2021-03-09 not yet calculated CVE-2021-20245
Source & Patch Info: MISC, MISC
imagemagick — magickcore A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. 2021-03-09 not yet calculated CVE-2021-20244
Source & Patch Info: MISC, MISC
imagemagick — magickcore A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. 2021-03-09 not yet calculated CVE-2021-20246
MISC
is-svg — is-svg | The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. | 2021-03-12 | not yet calculated | CVE-2021-28092 | MISC (×3)
jspdf — jspdf | This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function. | 2021-03-09 | not yet calculated | CVE-2021-23353 | MISC (×7)
kentico — cms | The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. | 2021-03-05 | not yet calculated | CVE-2021-27581 | MISC (×3)
lenovo — xclarity_administrator | An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file. | 2021-03-09 | not yet calculated | CVE-2021-3417 | MISC
leptonica — leptonica | Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. | 2021-03-12 | not yet calculated | CVE-2020-36280 | MISC (×3)
leptonica — leptonica | Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. | 2021-03-12 | not yet calculated | CVE-2020-36278 | MISC (×3)
leptonica — leptonica | Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. | 2021-03-12 | not yet calculated | CVE-2020-36281 | MISC (×3)
leptonica — leptonica | Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. | 2021-03-12 | not yet calculated | CVE-2020-36279 | MISC (×3)
leptonica — leptonica | Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. | 2021-03-11 | not yet calculated | CVE-2020-36277 | MISC (×3)
lib3mf — lib3mf | A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2021-03-10 | not yet calculated | CVE-2021-21772 | MISC
libjpeg-turbo — libjpeg-turbo | Libjpeg-turbo versions 2.0.91 and 2.0.90 are vulnerable to a denial of service caused by a divide by zero when processing a crafted GIF image. | 2021-03-10 | not yet calculated | CVE-2021-20205 | MISC
libtiff — libtiff | An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2021-03-09 | not yet calculated | CVE-2020-35523 | MISC (×3), DEBIAN
libtiff — libtiff | A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff’s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2021-03-09 | not yet calculated | CVE-2020-35524 | MISC (×3), DEBIAN
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. | 2021-03-07 | not yet calculated | CVE-2021-27365 | MISC (×3), MLIST, MISC
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport’s handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module’s global variables. | 2021-03-07 | not yet calculated | CVE-2021-27363 | MISC (×3), MLIST
linux — linux_kernel | An out-of-bounds access flaw was found in the Linux kernel’s implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2021-03-09 | not yet calculated | CVE-2021-20268 | MISC (×2)
linux — linux_kernel | A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability. | 2021-03-10 | not yet calculated | CVE-2021-20265 | MISC (×2)
linux — linux_kernel | A race condition was found in the Linux kernel’s implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed, the impact changes greatly. In the default configuration, root (or equivalent) permissions are required to attack this flaw. | 2021-03-11 | not yet calculated | CVE-2021-20261 | MISC (×2)
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. | 2021-03-07 | not yet calculated | CVE-2021-27364 | MISC (×2), MLIST, MISC
lucy — security_awareness_software | LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI. | 2021-03-11 | not yet calculated | CVE-2021-28132 | MISC
lxco — lxco | An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file. | 2021-03-09 | not yet calculated | CVE-2020-8356 | MISC
magicconnect — client | Untrusted search path vulnerability in the installer of the MagicConnect Client program distributed before March 1, 2021 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory and to execute arbitrary code with the privilege of the user invoking the installer when a terminal is connected remotely using Remote Desktop. | 2021-03-12 | not yet calculated | CVE-2021-20674 | MISC (×2)
microsoft — azure | Azure Sphere Unsigned Code Execution Vulnerability. This CVE ID is unique from CVE-2021-27074. | 2021-03-11 | not yet calculated | CVE-2021-27080 | MISC
microsoft — azure | Azure Virtual Machine Information Disclosure Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27075 | MISC
microsoft — azure | Azure Sphere Unsigned Code Execution Vulnerability. This CVE ID is unique from CVE-2021-27080. | 2021-03-11 | not yet calculated | CVE-2021-27074 | MISC
microsoft — directx | DirectX Elevation of Privilege Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-24095 | MISC
microsoft — excel | Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-27053. | 2021-03-11 | not yet calculated | CVE-2021-27054 | MISC
microsoft — excel | Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-27054. | 2021-03-11 | not yet calculated | CVE-2021-27053 | MISC
microsoft — internet_explorer | Internet Explorer Remote Code Execution Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27085 | MISC
microsoft — internet_explorer | Internet Explorer Memory Corruption Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-26411 | MISC
microsoft — office | Microsoft Office ClickToRun Remote Code Execution Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27058 | MISC
microsoft — office | Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24108, CVE-2021-27059. | 2021-03-11 | not yet calculated | CVE-2021-27057 | MISC
microsoft — office | Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24108, CVE-2021-27057. | 2021-03-11 | not yet calculated | CVE-2021-27059 | MISC
microsoft — office | Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-27057, CVE-2021-27059. | 2021-03-11 | not yet calculated | CVE-2021-24108 | MISC
microsoft — onetype_font | OpenType Font Parsing Remote Code Execution Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-26876 | MISC
microsoft — power_bi_report_server | Microsoft Power BI Information Disclosure Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-26859 | MISC
microsoft — powerpoint | Microsoft PowerPoint Remote Code Execution Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27056 | MISC
microsoft — sharepoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27076 | MISC (×2)
microsoft — sharepoint | Microsoft SharePoint Server Information Disclosure Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27052 | MISC
microsoft — sharepoint | Microsoft SharePoint Spoofing Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-24104 | MISC
microsoft — visio | Microsoft Visio Security Feature Bypass Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27055 | MISC
microsoft — visual_studio | Visual Studio Code Remote Code Execution Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27060 | MISC
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895. | 2021-03-11 | not yet calculated | CVE-2021-26897 | MISC
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26878. | 2021-03-11 | not yet calculated | CVE-2021-1640 | MISC
microsoft — windows | Windows Update Stack Setup Elevation of Privilege Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-1729 | MISC
microsoft — windows | Windows DNS Server Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-26896. | 2021-03-11 | not yet calculated | CVE-2021-27063 | MISC
microsoft — windows | Windows 10 Update Assistant Elevation of Privilege Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27070 | MISC
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26897. | 2021-03-11 | not yet calculated | CVE-2021-26895 | MISC
microsoft — windows | Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26872, CVE-2021-26901. | 2021-03-11 | not yet calculated | CVE-2021-26898 | MISC
microsoft — windows | Windows Graphics Component Elevation of Privilege Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-26868 | MISC
microsoft — windows | Windows ActiveX Installer Service Information Disclosure Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-26869 | MISC
microsoft — windows | Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26898, CVE-2021-26901. | 2021-03-11 | not yet calculated | CVE-2021-26872 | MISC
microsoft — windows | Windows DNS Server Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-27063. | 2021-03-11 | not yet calculated | CVE-2021-26896 | MISC
microsoft — windows | Windows UPnP Device Host Elevation of Privilege Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-26899 | MISC
microsoft — windows | Windows Event Tracing Information Disclosure Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-24107 | MISC
microsoft — windows | Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26863, CVE-2021-26875, CVE-2021-27077. | 2021-03-11 | not yet calculated | CVE-2021-26900 | MISC
microsoft — windows | Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26872, CVE-2021-26898. | 2021-03-11 | not yet calculated | CVE-2021-26901 | MISC
microsoft — windows | Windows Projected File System Elevation of Privilege Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-26870 | MISC
microsoft — windows | Windows Error Reporting Elevation of Privilege Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-24090 | MISC
microsoft — windows | Windows WalletService Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26885. | 2021-03-11 | not yet calculated | CVE-2021-26871 | MISC
microsoft — windows | Windows User Profile Service Elevation of Privilege Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-26873 | MISC
microsoft — windows | Windows Overlay Filter Elevation of Privilege Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-26874 | MISC
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897. | 2021-03-11 | not yet calculated | CVE-2021-26877 | MISC
microsoft — windows | Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26863, CVE-2021-26900, CVE-2021-27077. | 2021-03-11 | not yet calculated | CVE-2021-26875 | MISC
microsoft — windows | Windows Admin Center Security Feature Bypass Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27066 | MISC
microsoft — windows | Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26863, CVE-2021-26875, CVE-2021-26900. | 2021-03-11 | not yet calculated | CVE-2021-27077 | MISC
microsoft — visual_studio | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27081 | MISC
microsoft — visual_studio | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27082 | MISC
microsoft — visual_studio | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27084 | MISC
microsoft — visual_studio | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | 2021-03-11 | not yet calculated | CVE-2021-27083 | MISC
msgpack5 — msgpack5 | msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a “Prototype Poisoning” vulnerability. When msgpack5 decodes a map containing a key “__proto__”, it assigns the decoded value to __proto__. Object.prototype.__proto__ is an accessor property for the receiver’s prototype. If the value corresponding to the key __proto__ decodes to an object or null, msgpack5 sets the decoded object’s prototype to that value. An attacker who can submit crafted MessagePack data to a service can use this to produce values that appear to be of other types; may have unexpected prototype properties and methods (for example length, numeric properties, and push et al. if __proto__’s value decodes to an Array); and/or may throw unexpected exceptions when used (for example if the __proto__ value decodes to a Map or Date). Other unexpected behavior might be produced for other types. There is no effect on the global prototype. This “prototype poisoning” is sort of a very limited inversion of a prototype pollution attack. Only the decoded value’s prototype is affected, and it can only be set to msgpack5 values (though if the victim makes use of custom codecs, anything could be a msgpack5 value). We have not found a way to escalate this to true prototype pollution (absent other bugs in the consumer’s code). This has been fixed in msgpack5 versions 3.6.1, 4.5.1, and 5.2.1. See the referenced GitHub Security Advisory for an example and more details. | 2021-03-12 | not yet calculated | CVE-2021-21368 | MISC (×4), CONFIRM, MISC
netgear — jgs516pe/gs116ev2_devices | Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack. | 2021-03-10 | not yet calculated | CVE-2020-35230 | MISC
netgear — jgs516pe/gs116ev2_devices | The TFTP firmware update mechanism on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory. | 2021-03-10 | not yet calculated | CVE-2020-35232 | MISC
netgear — jgs516pe/gs116ev2_devices | The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. | 2021-03-10 | not yet calculated | CVE-2020-35223 | MISC
netgear — jgs516pe/gs116ev2_devices | The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks. | 2021-03-10 | not yet calculated | CVE-2020-35225 | MISC
netgear — jgs516pe/gs116ev2_devices | NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. | 2021-03-10 | not yet calculated | CVE-2020-35226 | MISC
netgear — jgs516pe/gs116ev2_devices | The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device. | 2021-03-10 | not yet calculated | CVE-2020-35231 | MISC
netgear — jgs516pe/gs116ev2_devices | The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges. | 2021-03-10 | not yet calculated | CVE-2020-35229 | MISC
netgear — jgs516pe/gs116ev2_devices | A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command. | 2021-03-10 | not yet calculated | CVE-2020-35227 | MISC
netgear — jgs516pe/gs116ev2_devices | A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot. | 2021-03-10 | not yet calculated | CVE-2020-35224 | MISC
netgear — jgs516pe/gs116ev2_devices | The NSDP protocol version implemented on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests. | 2021-03-10 | not yet calculated | CVE-2020-35222 | MISC