Original release date: January 4, 2021
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3ds — teamwork_cloud | An incorrect permission assignment (chmod 777) of /etc/environment during the installation script of No Magic TeamworkCloud 18.0 through 19.0 allows any local unprivileged user to write to /etc/environment. An attacker can escalate to root by writing arbitrary code to this file, which would be executed by root during the next login, reboot, or sourcing of the environment. | 2020-12-28 | 7.2 | CVE-2020-25507 MISC MISC |
agentejo — cockpit | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. | 2020-12-30 | 7.5 | CVE-2020-35848 MISC MISC MISC MISC |
agentejo — cockpit | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. | 2020-12-30 | 7.5 | CVE-2020-35847 MISC MISC MISC MISC |
agentejo — cockpit | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. | 2020-12-30 | 7.5 | CVE-2020-35846 MISC MISC MISC MISC |
backblaze — backblaze | Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality. | 2020-12-27 | 9.3 | CVE-2020-8289 FULLDISC FULLDISC MISC MISC MISC MISC |
deep-set_project — deep-set | Prototype pollution vulnerability in ‘deep-set’ versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | 2020-12-29 | 7.5 | CVE-2020-28276 MISC CONFIRM |
dset_project — dset | Prototype pollution vulnerability in ‘dset’ versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | 2020-12-29 | 7.5 | CVE-2020-28277 MISC CONFIRM |
esri — arcgis_server | Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. | 2020-12-26 | 9.3 | CVE-2020-35712 MISC MISC |
flamingo_project — flamingo | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup. | 2020-12-26 | 7.5 | CVE-2020-35244 MISC |
flamingo_project — flamingo | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory. | 2020-12-26 | 7.5 | CVE-2020-35242 MISC |
flamingo_project — flamingo | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb. | 2020-12-26 | 7.5 | CVE-2020-35243 MISC |
flamingo_project — flamingo | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser. | 2020-12-26 | 7.5 | CVE-2020-35245 MISC |
flattenizer_project — flattenizer | Prototype pollution vulnerability in ‘flattenizer’ versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | 2020-12-29 | 7.5 | CVE-2020-28279 MISC CONFIRM |
foscammall — foscam_x1_firmware | FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password. | 2020-12-28 | 7.2 | CVE-2020-28096 MISC |
gdatasoftware — g_data | An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges. | 2020-12-28 | 7.5 | CVE-2020-27172 MISC |
getobject_project — getobject | Prototype pollution vulnerability in ‘getobject’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. | 2020-12-29 | 7.5 | CVE-2020-28282 MISC CONFIRM |
huorong — internet_security | Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot. | 2020-12-26 | 7.5 | CVE-2020-35364 MISC MISC |
jiransecurity — spamsniper | Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing MAIL FROM command. It leads remote attacker to execute arbitrary code via crafted packet. | 2020-12-27 | 7.5 | CVE-2020-7845 MISC MISC |
joomla — joomla! | An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list. | 2020-12-28 | 7.5 | CVE-2020-35613 MISC |
klogserver — klog_server | KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter. | 2020-12-27 | 10 | CVE-2020-35729 MISC MISC |
libnested_project — libnested | Prototype pollution vulnerability in ‘libnested’ versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution. | 2020-12-29 | 7.5 | CVE-2020-28283 MISC CONFIRM |
linksys — re6500_firmware | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. | 2020-12-26 | 10 | CVE-2020-35713 MISC MISC MISC |
linksys — re6500_firmware | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. | 2020-12-26 | 7.8 | CVE-2020-35716 MISC MISC MISC |
linksys — re6500_firmware | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. | 2020-12-26 | 9 | CVE-2020-35715 MISC MISC MISC |
netgear — ac2100_firmware | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34. | 2020-12-30 | 9.7 | CVE-2020-35800 MISC |
netgear — ac2100_firmware | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34. | 2020-12-30 | 7.5 | CVE-2020-35795 MISC |
netgear — cbr40_firmware | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before 1.0.0.46, EX6200 before 1.0.3.94, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6250 before 1.0.4.42, R6300v2 before 1.0.4.42, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6700 before 1.0.2.16, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V-200 before 1.0.0.46, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3500RP before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50. | 2020-12-30 | 10 | CVE-2020-35796 MISC |
netgear — d3600_firmware | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6200 before 1.1.00.32, D7000 before 1.0.1.68, D7800 before 1.0.1.56, DM200 before 1.0.0.61, EX2700 before 1.0.1.52, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.74, EX6400 before 1.0.2.140, EX7300 before 1.0.2.140, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7500v2 before 1.0.3.40, R7800 before 1.0.2.62, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.78, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, XR450 before 2.3.2.32, and XR500 before 2.3.2.32. | 2020-12-30 | 7.5 | CVE-2020-35799 MISC |
netgear — dgn2200v1_firmware | NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. | 2020-12-30 | 7.7 | CVE-2020-35777 MISC |
netgear — nms300_firmware | NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker. | 2020-12-30 | 7.5 | CVE-2020-35797 MISC |
netgear — nms300_firmware | NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | 2020-12-30 | 7.8 | CVE-2020-35779 MISC |
predefine_project — predefine | Prototype pollution vulnerability in ‘predefine’ versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution. | 2020-12-29 | 7.5 | CVE-2020-28280 MISC CONFIRM |
rusqlite_project — rusqlite | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free. | 2020-12-31 | 7.5 | CVE-2020-35873 MISC MISC |
set-object-value_project — set-object-value | Prototype pollution vulnerability in ‘set-object-value’ versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | 2020-12-29 | 7.5 | CVE-2020-28281 MISC CONFIRM |
shvl_project — shvl | Prototype pollution vulnerability in ‘shvl’ versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | 2020-12-29 | 7.5 | CVE-2020-28278 MISC CONFIRM |
solarwinds — orion_platform | The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. | 2020-12-29 | 7.5 | CVE-2020-10148 CERT-VN CONFIRM |
struct2json_project — struct2json | struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT. | 2020-12-26 | 7.5 | CVE-2020-29203 MISC |
tp-link — wa901nd_firmware | A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices. | 2020-12-26 | 7.5 | CVE-2020-35575 MISC MISC MISC |
webmin — webmin | miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. | 2020-12-29 | 7.5 | CVE-2020-35769 MISC MISC |
woocommerce — gift_cards | Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function “Custom Gift Card Template”, the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server. | 2020-12-28 | 7.5 | CVE-2020-35627 MISC MISC |
zammad — zammad | An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users. | 2020-12-28 | 7.5 | CVE-2020-26030 MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1e — client | The Inventory module of the 1E Client 5.0.0.745 doesn’t handle an unquoted path when executing %PROGRAMFILES%1EClientTachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges. | 2020-12-29 | 6.5 | CVE-2020-27645 CONFIRM |
1e — client | The %PROGRAMDATA%1EClient directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation. | 2020-12-29 | 4 | CVE-2020-27643 CONFIRM |
1e — client | The Inventory module of the 1E Client 5.0.0.745 doesn’t handle an unquoted path when executing %PROGRAMFILES%1EClientTachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%Temp. | 2020-12-29 | 6.5 | CVE-2020-27644 CONFIRM |
1e — client | The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. | 2020-12-29 | 6.5 | CVE-2020-16268 CONFIRM |
apache — accumulo | Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the ‘canFlush’ and ‘canPerformSystemActions’ security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties. | 2020-12-29 | 5.5 | CVE-2020-17533 MLIST MISC MLIST |
arc-swap_project — arc-swap | An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map. | 2020-12-25 | 5 | CVE-2020-35711 MISC MISC |
backblaze — backblaze | Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary. | 2020-12-27 | 4.6 | CVE-2020-8290 MISC MISC MISC |
bloofoxcms_project — bloofoxcms | bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with “Content-Type: application/octet-stream”) to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. | 2020-12-25 | 4 | CVE-2020-35709 MISC |
crossbar — autobahn | Autobahn|Python before 20.12.3 allows redirect header injection. | 2020-12-27 | 5.8 | CVE-2020-35678 CONFIRM MISC MISC CONFIRM CONFIRM |
cxuu — cxuucms | CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. | 2020-12-26 | 4.3 | CVE-2020-35347 MISC |
cxuu — cxuucms | CXUUCMS V3 allows class=”layui-input” XSS. | 2020-12-27 | 4.3 | CVE-2020-29249 MISC |
cxuu — cxuucms | CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. | 2020-12-27 | 4.3 | CVE-2020-29250 MISC |
date-and-time_project — date-and-time | date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2. | 2020-12-28 | 5 | CVE-2020-26289 MISC CONFIRM MISC |
dext5 — dext5upload | DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). | 2020-12-26 | 5 | CVE-2020-35362 MISC |
fasterxml — jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). | 2020-12-27 | 6.8 | CVE-2020-35728 MISC MISC |
flamingoim_project — flamingoim | Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product’s source code is available. | 2020-12-26 | 5 | CVE-2020-35284 MISC |
freedesktop — poppler | ** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects. | 2020-12-25 | 6.8 | CVE-2020-35702 MISC |
freehtmldesigns — site_offline | The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. | 2020-12-29 | 4.3 | CVE-2020-35773 MISC MISC MISC MISC |
gnome — gdk-pixbuf | GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. | 2020-12-26 | 4.3 | CVE-2020-29385 CONFIRM MISC CONFIRM MISC CONFIRM |
gnome — gnome_display_manager | A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. | 2020-12-28 | 4.4 | CVE-2020-27837 MISC |
gnu — binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. | 2020-12-27 | 6.8 | CVE-2020-35448 MISC MISC |
gobby_project — gobby | Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. | 2020-12-26 | 5 | CVE-2020-35450 MISC |
hcltech — domino | HCL Domino v10 and v11 is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server. | 2020-12-28 | 5 | CVE-2020-14273 CONFIRM |
hedgedoc — hedgedoc | HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an unauthenticated attacker can upload arbitrary files to the upload storage backend including HTML, JS and PHP files. The problem is patched in HedgeDoc 1.7.1. You should however verify that your uploaded file storage only contains files that are allowed, as uploaded files might still be served. As workaround it’s possible to block the `/uploadimage` endpoint on your instance using your reverse proxy. And/or restrict MIME-types and file names served from your upload file storage. | 2020-12-29 | 5 | CVE-2020-26286 MISC MISC CONFIRM |
hedgedoc — hedgedoc | HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an attacker can inject arbitrary `script` tags in HedgeDoc notes using mermaid diagrams. Our content security policy prevents loading scripts from most locations, but `www.google-analytics.com` is allowed. Using Google Tag Manger it is possible to inject arbitrary JavaScript and execute it on page load. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.1. As a workaround one can disallow `www.google-analytics.com` in the `Content-Security-Policy` header. Note that other ways to leverage the `script` tag injection might exist. | 2020-12-29 | 4.3 | CVE-2020-26287 MISC MISC MISC MISC CONFIRM |
huawei — cloudengine_12800_firmware | There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak. | 2020-12-29 | 5 | CVE-2020-9124 CONFIRM |
huawei — cloudengine_12800_firmware | There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. | 2020-12-29 | 5 | CVE-2020-9094 CONFIRM |
huawei — cloudengine_12800_firmware | There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service. | 2020-12-29 | 6.8 | CVE-2020-9207 CONFIRM |
huawei — honor_20_pro_firmware | There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service (DoS) on the specific module. | 2020-12-29 | 5 | CVE-2020-9223 CONFIRM |
huawei — imanager_neteco_6000 | There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak. | 2020-12-29 | 4 | CVE-2020-9208 CONFIRM |
huawei — mate_30_firmware | There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally. | 2020-12-29 | 4.6 | CVE-2020-9125 CONFIRM |
huawei — taurus-al00a_firmware | There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service. | 2020-12-29 | 4.3 | CVE-2020-9093 CONFIRM |
intelliants — subrion_cms | Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. | 2020-12-26 | 4.3 | CVE-2020-35437 MISC |
joomla — joomla! | An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page. | 2020-12-28 | 5 | CVE-2020-35614 MISC |
joomla — joomla! | An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. | 2020-12-28 | 5 | CVE-2020-35612 MISC |
joomla — joomla! | An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values. | 2020-12-28 | 5 | CVE-2020-35611 MISC |
joomla — joomla! | An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms. | 2020-12-28 | 5 | CVE-2020-35610 MISC |
joomla — joomla! | An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations. | 2020-12-28 | 5 | CVE-2020-35616 MISC |
joomla — joomla! | An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability. | 2020-12-28 | 6.8 | CVE-2020-35615 MISC |
liftoffsoftware — gateone | GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. | 2020-12-27 | 5 | CVE-2020-35736 MISC MISC |
linksys — re6500_firmware | Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. | 2020-12-26 | 6.5 | CVE-2020-35714 MISC MISC MISC |
linuxfoundation — dex | Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library. The vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references). | 2020-12-28 | 6.8 | CVE-2020-26290 MISC MISC CONFIRM MISC MISC MISC MISC MISC |
litespeedtech — litespeed_cache | A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting. | 2020-12-26 | 4.3 | CVE-2020-29172 CONFIRM MISC |
nchsoftware — express_accounts | In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. | 2020-12-28 | 4 | CVE-2020-13474 MISC MISC |
netgear — cbr40_firmware | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.14, RBW30 before 2.6.1.4, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, and RBS40V before 2.6.1.4. | 2020-12-30 | 5 | CVE-2020-35802 MISC |
netgear — d3600_firmware | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40. | 2020-12-30 | 5.2 | CVE-2020-35787 MISC |
netgear — d7800_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.2, and R9000 before 1.0.5.2. | 2020-12-30 | 4.6 | CVE-2020-35793 MISC |
netgear — d7800_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26. | 2020-12-30 | 5.2 | CVE-2020-35790 MISC |
netgear — dgn2200_firmware | NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). | 2020-12-30 | 5.8 | CVE-2020-35785 MISC |
netgear — gs716t_firmware | Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. | 2020-12-30 | 6.8 | CVE-2020-35778 MISC |
netgear — jgs516pe_firmware | Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. | 2020-12-30 | 6.5 | CVE-2020-35784 MISC |
netgear — jgs516pe_firmware | Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. | 2020-12-30 | 5.8 | CVE-2020-35783 MISC |
netgear — jgs516pe_firmware | Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. | 2020-12-30 | 5.8 | CVE-2020-35782 MISC |
netgear — jgs516pe_firmware | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. | 2020-12-30 | 5.8 | CVE-2020-35801 MISC |
netgear — nms300_firmware | NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user. | 2020-12-30 | 6.5 | CVE-2020-35789 MISC |
netgear — nms300_firmware | NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | 2020-12-30 | 4 | CVE-2020-35780 MISC |
netgear — nms300_firmware | NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | 2020-12-30 | 4 | CVE-2020-35781 MISC |
netgear — r7500_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68. | 2020-12-30 | 5.2 | CVE-2020-35792 MISC |
netgear — r7800_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2. | 2020-12-30 | 4.6 | CVE-2020-35791 MISC |
netgear — rbs40v_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-12-30 | 5.2 | CVE-2020-35794 MISC |
netgear — wac104_firmware | NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user. | 2020-12-30 | 5.2 | CVE-2020-35788 MISC |
opendkim — opendkim | The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the “A number of self-test programs are included here for unit-testing the library” situation. | 2020-12-28 | 4.4 | CVE-2020-35766 MISC |
panasonic — wv-s2231l_firmware | Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI. | 2020-12-28 | 5 | CVE-2020-29194 MISC MISC |
parallels — remote_application_server | Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker’s client for use as a “host” value. In other words, after an attacker’s web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like “host”:”192.168.###.###” in the POST data. | 2020-12-25 | 5 | CVE-2020-35710 MISC MISC |
phplist — phplist | phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the “Config – Import Administrators” page. | 2020-12-25 | 6.5 | CVE-2020-35708 MISC MISC |
pureftpd — pure-ftpd | Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit. | 2020-12-26 | 5 | CVE-2020-35359 MISC |
qnap — qts | This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. | 2020-12-29 | 6.5 | CVE-2020-25847 CONFIRM |
rockoa — xinhu | rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true. | 2020-12-26 | 5 | CVE-2020-35388 MISC |
rockwellautomation — factorytalk_diagnostics | An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected. | 2020-12-29 | 5 | CVE-2020-5807 CONFIRM |
rockwellautomation — factorytalk_linx | An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected. | 2020-12-29 | 5 | CVE-2020-5802 CONFIRM |
rockwellautomation — factorytalk_linx | An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. | 2020-12-29 | 5 | CVE-2020-5801 CONFIRM |
roundcube — roundcube | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php. | 2020-12-28 | 4.3 | CVE-2020-35730 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MISC MISC |
stepmania — stepmania | lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. | 2020-12-26 | 4.3 | CVE-2020-20412 MISC |
stratodesk — notouch_center | Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with “helpdesk” privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page. | 2020-12-26 | 6.5 | CVE-2020-25917 MISC |
tag_project — tag | dhowden tag before 2020-11-19 allows “panic: runtime error: index out of range” via readAPICFrame. | 2020-12-28 | 4.3 | CVE-2020-29243 MISC |
tag_project — tag | dhowden tag before 2020-11-19 allows “panic: runtime error: slice bounds out of range” via readAtomData. | 2020-12-28 | 4.3 | CVE-2020-29245 MISC |
tag_project — tag | dhowden tag before 2020-11-19 allows “panic: runtime error: index out of range” via readPICFrame. | 2020-12-28 | 4.3 | CVE-2020-29242 MISC |
tag_project — tag | dhowden tag before 2020-11-19 allows “panic: runtime error: slice bounds out of range” via readTextWithDescrFrame. | 2020-12-28 | 4.3 | CVE-2020-29244 MISC |
techkshetrainfo — savsoft_quiz | A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field. | 2020-12-26 | 4.3 | CVE-2020-27515 MISC MISC MISC |
tendacn — ac1200_firmware | On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning. | 2020-12-28 | 5 | CVE-2020-28094 MISC |
tendacn — ac1200_firmware | On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234. | 2020-12-28 | 6.5 | CVE-2020-28093 MISC |
tengine_project — tengine | ** DISPUTED ** The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated “I don’t think there is an proof of overflow so far.” | 2020-12-26 | 4.3 | CVE-2020-28759 MISC |
twitter — twitter-server | server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint. | 2020-12-29 | 4.3 | CVE-2020-35774 MISC MISC |
user_registration_&_login_and_user_management_system_with_admin_panel_project — user_registration_&_login_and_user_management_system_with_admin_panel | A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1. | 2020-12-26 | 6.8 | CVE-2020-26766 MISC |
wavpack — wavpack | WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later “unofficial” releases through 5.3.2, which are also affected. | 2020-12-28 | 4.3 | CVE-2020-35738 MISC |
woocommerce — woocommerce | The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. | 2020-12-27 | 5 | CVE-2020-29156 MISC MISC |
xpdfreader — xpdf | Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. | 2020-12-26 | 5 | CVE-2020-35376 MISC |
xuxueli — xxl-job | XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. | 2020-12-27 | 4.3 | CVE-2020-29204 MISC |
zammad — zammad | An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing. | 2020-12-28 | 5 | CVE-2020-29160 MISC MISC |
zammad — zammad | An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended. | 2020-12-28 | 4 | CVE-2020-29159 MISC MISC |
zammad — zammad | An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions). | 2020-12-28 | 4 | CVE-2020-26031 MISC |
zammad — zammad | An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view. | 2020-12-28 | 4 | CVE-2020-29158 MISC MISC |
zammad — zammad | An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user. | 2020-12-28 | 4 | CVE-2020-26034 MISC |
zammad — zammad | An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header. | 2020-12-28 | 4 | CVE-2020-26029 MISC |
zammad — zammad | An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets. | 2020-12-28 | 4 | CVE-2020-26028 MISC |
zammad — zammad | An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems. | 2020-12-28 | 5 | CVE-2020-26032 MISC |
zammad — zammad | An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check. | 2020-12-28 | 5.8 | CVE-2020-26033 MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cxuu — cxuucms | CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. | 2020-12-26 | 3.5 | CVE-2020-35346 MISC |
daybydaycrm — daybyday | Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen. | 2020-12-25 | 3.5 | CVE-2020-35706 MISC MISC |
daybydaycrm — daybyday | Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen. | 2020-12-25 | 3.5 | CVE-2020-35704 MISC MISC |
daybydaycrm — daybyday | Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen. | 2020-12-25 | 3.5 | CVE-2020-35707 MISC MISC |
daybydaycrm — daybyday | Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen. | 2020-12-25 | 3.5 | CVE-2020-35705 MISC MISC |
flatpress — flatpress | FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload. | 2020-12-30 | 3.5 | CVE-2020-35241 MISC MISC |
fluxbb — fluxbb | FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in “Blog Content” and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. | 2020-12-30 | 3.5 | CVE-2020-35240 MISC MISC |
huawei — jackman-al00d | There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Local attackers construct malicious application files, causing system applications to run abnormally. | 2020-12-29 | 2.1 | CVE-2020-1848 CONFIRM |
nchsoftware — express_accounts | NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file. | 2020-12-28 | 2.1 | CVE-2020-13473 MISC MISC |
nchsoftware — express_invoice | NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. | 2020-12-28 | 3.5 | CVE-2020-13476 MISC |
netgear — d6200_devices | Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. | 2020-12-30 | 3.5 | CVE-2020-35842 MISC |
netgear — d6200_devices | Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. | 2020-12-30 | 3.5 | CVE-2020-35840 MISC |
netgear — d7800_devices | NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user. | 2020-12-30 | 2.7 | CVE-2020-35786 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35824 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7800 before 1.0.1.58, R7800 before 1.0.2.74, R8900 before 1.0.5.18, R9000 before 1.0.5.18, and XR700 before 1.0.1.34. | 2020-12-30 | 2.1 | CVE-2020-35804 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35838 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35837 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35835 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35830 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78. | 2020-12-30 | 3.5 | CVE-2020-35827 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35826 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35825 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35820 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35823 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35822 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35821 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35819 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35817 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35816 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35815 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35809 MISC |
netgear — d7800_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | 3.5 | CVE-2020-35805 MISC |
nopcommerce — store | nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload. | 2020-12-29 | 3.5 | CVE-2020-29475 MISC |
opencart — opencart | OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger. | 2020-12-29 | 3.5 | CVE-2020-29471 MISC |
opencart — opencart | OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. | 2020-12-29 | 3.5 | CVE-2020-29470 MISC |
panasonic — wv-s2231l | Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order). | 2020-12-28 | 2.1 | CVE-2020-29193 MISC MISC |
rockwellautomation — factorytalk_linx | An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. | 2020-12-29 | 2.1 | CVE-2020-5806 CONFIRM |
techkshetrainfo — savsoft_quiz | Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page). | 2020-12-26 | 3.5 | CVE-2020-35349 MISC |
zammad — zammad | An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket. | 2020-12-28 | 3.5 | CVE-2020-26035 MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aminocom — cpe_wan_management_protocol |
Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges. | 2020-12-30 | not yet calculated | CVE-2020-10209 MISC |
aminocom — entonewebengine | Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges. | 2020-12-30 | not yet calculated | CVE-2020-10208 MISC |
aminocom — entonewebengine |
Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings. | 2020-12-29 | not yet calculated | CVE-2020-10207 MISC |
aminocom — ssh_keys |
Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH. | 2020-12-29 | not yet calculated | CVE-2020-10210 MISC |
aminocom — vncserver |
Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device. | 2020-12-30 | not yet calculated | CVE-2020-10206 MISC |
arista — eos |
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train. | 2020-12-28 | not yet calculated | CVE-2020-24360 CONFIRM |
arista — eos |
In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train. | 2020-12-28 | not yet calculated | CVE-2020-26569 CONFIRM |
arista — eos |
In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train. | 2020-12-28 | not yet calculated | CVE-2020-15898 CONFIRM |
bolt — bolt |
Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the “How to Harden Your PHP for Better Security” guidance. | 2020-12-30 | not yet calculated | CVE-2020-28925 MISC MISC |
cbor — cbor |
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags. | 2020-12-31 | not yet calculated | CVE-2019-25001 MISC |
charging_limit_current_write — charging_limit_current_write |
In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability. | 2020-12-31 | not yet calculated | CVE-2020-11832 MISC |
cockpit-project.org — cockpit_234 |
** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states “I don’t think [it] is a big real-life issue.” | 2020-12-30 | not yet calculated | CVE-2020-35850 MISC MISC |
d-link — dap-1650_devices |
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. | 2020-12-30 | not yet calculated | CVE-2019-12768 MISC |
dotcms — dotcms |
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability. | 2020-12-30 | not yet calculated | CVE-2020-27848 CONFIRM MISC |
draytek — vigot2960 |
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. | 2020-12-31 | not yet calculated | CVE-2020-19664 MISC MISC |
dropbear — dropbear |
Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. | 2020-12-30 | not yet calculated | CVE-2019-12953 MISC |
drupal — aes_encryption |
The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal’s security advisory policy. | 2021-01-01 | not yet calculated | CVE-2017-20001 MISC |
drupal — kcfinder_integration |
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal’s security advisory policy. | 2021-01-01 | not yet calculated | CVE-2018-25002 MISC MISC MISC |
drupal — rest/json |
The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. | 2021-01-01 | not yet calculated | CVE-2016-20002 MISC |
drupal — rest/json |
The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. | 2021-01-01 | not yet calculated | CVE-2016-20001 MISC |
drupal — rest/json |
The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. | 2021-01-01 | not yet calculated | CVE-2016-20008 MISC |
drupal — rest/json |
The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. | 2021-01-01 | not yet calculated | CVE-2016-20003 MISC |
drupal — rest/json |
The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. | 2021-01-01 | not yet calculated | CVE-2016-20004 MISC |
drupal — rest/json |
The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. | 2021-01-01 | not yet calculated | CVE-2016-20005 MISC |
drupal — rest/json |
The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. | 2021-01-01 | not yet calculated | CVE-2016-20006 MISC |
drupal — rest/json |
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. | 2021-01-01 | not yet calculated | CVE-2016-20007 MISC |
drupal — webform_report |
The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal’s security advisory policy. | 2021-01-01 | not yet calculated | CVE-2019-25012 MISC |
egavilanmedia — egavilanmedia | EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel – Manage User tab using the Full Name of the user. This vulnerability can result in the attacker injecting the XSS payload in the User Registration section and each time admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie according to the crafted payload. | 2020-12-30 | not yet calculated | CVE-2020-29230 MISC MISC |
egavilanmedia — egavilanmedia | EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name and each time admin visits the Profile page from the admin panel, the XSS triggers. | 2020-12-30 | not yet calculated | CVE-2020-29231 MISC MISC |
egavilanmedia — egavilanmedia |
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page. | 2020-12-30 | not yet calculated | CVE-2020-29228 MISC MISC |
electron — zonote |
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true). | 2021-01-01 | not yet calculated | CVE-2020-35717 MISC MISC MISC |
exponentcms — exponent_cms |
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. | 2020-12-31 | not yet calculated | CVE-2016-9023 MISC MISC |
exponentcms — exponent_cms |
Exponent CMS before 2.6.0 has improper input validation in storeController.php. | 2020-12-31 | not yet calculated | CVE-2016-9021 MISC MISC |
exponentcms — exponent_cms |
Exponent CMS before 2.6.0 has improper input validation in usersController.php. | 2020-12-31 | not yet calculated | CVE-2016-9022 MISC MISC |
exponentcms — exponent_cms |
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. | 2020-12-31 | not yet calculated | CVE-2016-9025 MISC MISC |
exponentcms — exponent_cms |
Exponent CMS before 2.6.0 has improper input validation in fileController.php. | 2020-12-31 | not yet calculated | CVE-2016-9026 MISC MISC |
foxitsoftware — foxit_reader |
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update. | 2020-12-31 | not yet calculated | CVE-2020-35931 MISC |
golang — docker_engine |
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | 2020-12-30 | not yet calculated | CVE-2020-27534 MISC MISC MISC MISC MISC |
golang — go |
In x/text in Go 1.15.4, an “index out of range” panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | 2021-01-02 | not yet calculated | CVE-2020-28851 MISC |
golang — go |
In x/text in Go 1.15.4, a “slice bounds out of range” panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | 2021-01-02 | not yet calculated | CVE-2020-28852 MISC |
google — flatbuffers |
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness. | 2020-12-31 | not yet calculated | CVE-2019-25004 MISC |
google — flatbuffers |
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar (and read_scalar_at) can transmute values without unsafe blocks. | 2020-12-31 | not yet calculated | CVE-2020-35864 MISC |
green_packet — wimax_dv-360_devices |
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980. | 2020-12-31 | not yet calculated | CVE-2018-14067 MISC |
gssproxy — gssproxy |
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. | 2020-12-31 | not yet calculated | CVE-2020-12658 MISC MISC MISC |
hgiga — mailsherlock | The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files. | 2020-12-31 | not yet calculated | CVE-2020-25850 MISC |
hgiga — mailsherlock |
HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks. | 2020-12-31 | not yet calculated | CVE-2020-35740 MISC |
hgiga — mailsherlock |
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. | 2020-12-31 | not yet calculated | CVE-2020-35743 MISC |
hgiga — mailsherlock |
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. | 2020-12-31 | not yet calculated | CVE-2020-35742 MISC |
hgiga — mailsherlock |
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks. | 2020-12-31 | not yet calculated | CVE-2020-35741 MISC |
hgiga — mailsherlock |
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system. | 2020-12-31 | not yet calculated | CVE-2020-35851 MISC |
hgiga — mailsherlock |
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism. | 2020-12-31 | not yet calculated | CVE-2020-25848 MISC |
hyperium — http |
An issue was discovered in the http crate before 0.1.20 for Rust. HeaderMap::reserve() has an integer overflow that allows attackers to cause a denial of service. | 2020-12-31 | not yet calculated | CVE-2019-25008 MISC |
hyperium — hyper |
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface. | 2020-12-31 | not yet calculated | CVE-2020-35863 MISC |
invision_community — invision_community |
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. | 2020-12-30 | not yet calculated | CVE-2020-29477 MISC MISC |
italoantunes — vidyo |
Vidyo 02-09-/D allows clickjacking via the portal/ URI. | 2020-12-29 | not yet calculated | CVE-2020-35735 MISC MISC |
jira — xwiki |
XWiki Platform before 12.8 mishandles escaping in the property displayer. | 2020-12-31 | not yet calculated | CVE-2020-13654 MISC CONFIRM MISC |
libsecp256k1 — libsecp256k1 |
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information. | 2020-12-31 | not yet calculated | CVE-2019-25003 MISC |
limesurvey — limesurvey | LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser. | 2020-12-31 | not yet calculated | CVE-2020-25799 MISC MISC |
limesurvey — limesurvey |
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser. | 2020-12-31 | not yet calculated | CVE-2020-25797 MISC MISC |
linbit — csync2 |
An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API. | 2020-12-30 | not yet calculated | CVE-2019-15523 MISC |
mantisbt — mantisbt |
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter. | 2020-12-30 | not yet calculated | CVE-2020-35849 MISC |
mantisbt — mantisbt |
In MantisBT 2.24.3, SQL Injection can occur in the parameter “access” of the mc_project_get_users function through the API SOAP. | 2020-12-30 | not yet calculated | CVE-2020-28413 MISC |
matrixssl — matrixssl |
In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431. | 2020-12-30 | not yet calculated | CVE-2019-16747 CONFIRM MISC CONFIRM |
nayutaco — ptarmigan |
Ptarmigan before 0.2.3 lacks API token validation, e.g., an “if (token === apiToken) {return true;} return false;” code block. | 2020-12-30 | not yet calculated | CVE-2019-16281 MISC MISC MISC |
netbox_community — netbox |
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments. | 2020-12-31 | not yet calculated | CVE-2019-25011 MISC MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7960P before 1.4.1.50, R8000 before 1.0.4.52, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.1.12, RAX45 before 1.0.2.66, RAX50 before 1.0.2.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RS400 before 1.5.0.48, and XR300 before 1.0.3.50. | 2020-12-30 | not yet calculated | CVE-2020-35798 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78. | 2020-12-30 | not yet calculated | CVE-2020-35839 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | not yet calculated | CVE-2020-35829 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | not yet calculated | CVE-2020-35814 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | not yet calculated | CVE-2020-35831 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | not yet calculated | CVE-2020-35832 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | not yet calculated | CVE-2020-35833 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, XR700 before 1.0.1.10, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, and RAX120 before 1.0.0.78. | 2020-12-30 | not yet calculated | CVE-2020-35813 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. | 2020-12-30 | not yet calculated | CVE-2020-35841 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | not yet calculated | CVE-2020-35812 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.46, R6080 before 1.0.0.46, R6120 before 1.0.0.72, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.74, R6800 before 1.2.0.74, R6900v2 before 1.2.0.74, R7450 before 1.2.0.74, AC2100 before 1.2.0.74, AC2400 before 1.2.0.74, and AC2600 before 1.2.0.74. | 2020-12-30 | not yet calculated | CVE-2020-35803 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | not yet calculated | CVE-2020-35834 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | not yet calculated | CVE-2020-35810 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before 1.0.0.61, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.68, and WNR2000v5 before 1.0.0.66. | 2020-12-30 | not yet calculated | CVE-2020-35808 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78. | 2020-12-30 | not yet calculated | CVE-2020-35836 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78. | 2020-12-30 | not yet calculated | CVE-2020-35807 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, RAX120 before 1.0.0.78, and R7500v2 before 1.0.3.46. | 2020-12-30 | not yet calculated | CVE-2020-35828 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78. | 2020-12-30 | not yet calculated | CVE-2020-35806 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | not yet calculated | CVE-2020-35818 MISC |
netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-12-30 | not yet calculated | CVE-2020-35811 MISC |
newgen — egov |
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users’ profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference. | 2020-12-30 | not yet calculated | CVE-2020-35737 MISC |
nhiservisignadapter — nhiservisignadapter | NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege. | 2020-12-31 | not yet calculated | CVE-2020-25843 MISC |
nhiservisignadapter — nhiservisignadapter | The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege. | 2020-12-31 | not yet calculated | CVE-2020-25844 MISC |
nhiservisignadapter — nhiservisignadapter | Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user’s credential. | 2020-12-31 | not yet calculated | CVE-2020-25845 MISC |
nhiservisignadapter — nhiservisignadapter | The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user’s credential. | 2020-12-31 | not yet calculated | CVE-2020-25846 MISC |
nhiservisignadapter — nhiservisignadapter |
The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege. | 2020-12-31 | not yet calculated | CVE-2020-25842 MISC |
nokogiri — nokogiri |
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4. | 2020-12-30 | not yet calculated | CVE-2020-26247 MISC MISC CONFIRM MISC MISC |
npmjs — parse_server |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package “parse-server”. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage. | 2020-12-30 | not yet calculated | CVE-2020-26288 MISC MISC CONFIRM MISC |
npmjs — uri.js |
URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (“) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior. For example the URL `https://expected-example.com@observed-example.com` will incorrectly return `observed-example.com` if using an affected version. Patched versions correctly return `expected-example.com`. Patched versions match the behavior of other parsers which implement the WHATWG URL specification, including web browsers and Node’s built-in URL class. Version 1.19.4 is patched against all known payload variants. Version 1.19.3 has a partial patch but is still vulnerable to a payload variant.] | 2020-12-31 | not yet calculated | CVE-2020-26291 MISC MISC CONFIRM MISC |
npmjs — vega |
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execute arbitrary javascript on a victim’s machine. This is fixed in version 5.17.3 | 2020-12-30 | not yet calculated | CVE-2020-26296 MISC MISC MISC CONFIRM MISC |
nukeviet — nukeviet | modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). | 2020-12-31 | not yet calculated | CVE-2019-7726 MISC MISC CONFIRM MISC |
nukeviet — nukeviet |
includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP’s serialization format when JSON can be used to eliminate the risk). | 2020-12-31 | not yet calculated | CVE-2019-7725 MISC MISC CONFIRM CONFIRM |
openemr — openemr |
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file. | 2020-12-31 | not yet calculated | CVE-2018-16795 MISC MISC |
oppo_charger — sm8250_q_master |
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability. | 2020-12-31 | not yet calculated | CVE-2020-11835 MISC |
oppo_charger — sm8250_q_master |
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability. | 2020-12-31 | not yet calculated | CVE-2020-11834 MISC |
oppo_charger — sm8250_q_master |
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability. | 2020-12-31 | not yet calculated | CVE-2020-11833 MISC |
plone — plone |
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | 2020-12-30 | not yet calculated | CVE-2020-28735 CONFIRM MISC MISC |
plone — plone |
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | 2020-12-30 | not yet calculated | CVE-2020-28734 CONFIRM MISC MISC |
plone — plone |
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | 2020-12-30 | not yet calculated | CVE-2020-28736 CONFIRM MISC MISC |
qdpm — qdpm |
qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used. | 2020-12-31 | not yet calculated | CVE-2020-26165 MISC MISC FULLDISC |
qemu — qemu |
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. | 2020-12-31 | not yet calculated | CVE-2020-11947 MISC |
qemu — qemu |
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. | 2020-12-31 | not yet calculated | CVE-2019-20808 MISC MISC |
qnap — qts |
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later) | 2020-12-31 | not yet calculated | CVE-2018-19941 MISC |
qnap — qts |
A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later) | 2020-12-31 | not yet calculated | CVE-2018-19944 MISC |
qnap — qts |
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x. | 2020-12-31 | not yet calculated | CVE-2018-19945 MISC |
rocket_chat — rocket_chat |
Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. | 2020-12-30 | not yet calculated | CVE-2020-29594 MISC MISC |
rusqlite — rusqlite | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module. | 2020-12-31 | not yet calculated | CVE-2020-35867 MISC MISC |
rusqlite — rusqlite | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification. | 2020-12-31 | not yet calculated | CVE-2020-35868 MISC MISC |
rusqlite — rusqlite | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings. | 2020-12-31 | not yet calculated | CVE-2020-35869 MISC MISC |
rusqlite — rusqlite | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free. | 2020-12-31 | not yet calculated | CVE-2020-35870 MISC MISC |
rusqlite — rusqlite | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race. | 2020-12-31 | not yet calculated | CVE-2020-35871 MISC MISC |
rusqlite — rusqlite | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type. | 2020-12-31 | not yet calculated | CVE-2020-35872 MISC MISC |
rusqlite — rusqlite |
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor. | 2020-12-31 | not yet calculated | CVE-2020-35866 MISC MISC |
rust — http |
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness. | 2020-12-31 | not yet calculated | CVE-2019-25009 MISC |
rust — rust | An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types. | 2020-12-31 | not yet calculated | CVE-2020-35927 MISC |
rust — rust |
An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question. | 2020-12-31 | not yet calculated | CVE-2020-35903 MISC |
rust — rust |
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are. | 2020-12-31 | not yet calculated | CVE-2020-35904 MISC |
rust — rust |
An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | 2020-12-31 | not yet calculated | CVE-2020-35922 MISC |
rust — rust |
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed. | 2020-12-31 | not yet calculated | CVE-2020-35902 MISC |
rust — rust |
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream. | 2020-12-31 | not yet calculated | CVE-2020-35901 MISC |
rust — rust |
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. | 2020-12-31 | not yet calculated | CVE-2020-35899 MISC |
rust — rust |
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. | 2020-12-31 | not yet calculated | CVE-2020-35898 MISC |
rust — rust |
An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race. | 2020-12-31 | not yet calculated | CVE-2020-35897 MISC |
rust — rust |
An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack. | 2020-12-31 | not yet calculated | CVE-2020-35896 MISC |
rust — rust |
An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync. | 2020-12-31 | not yet calculated | CVE-2020-35928 MISC |
rust — rust |
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion. | 2020-12-31 | not yet calculated | CVE-2020-35895 MISC |
rust — rust |
An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur. | 2020-12-31 | not yet calculated | CVE-2020-35894 MISC |
rust — rust |
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. | 2020-12-31 | not yet calculated | CVE-2020-35893 MISC |
rust — rust |
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read. | 2020-12-31 | not yet calculated | CVE-2020-35892 MISC |
rust — rust |
An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free. | 2020-12-31 | not yet calculated | CVE-2020-35900 MISC |
rust — rust |
An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation. | 2020-12-31 | not yet calculated | CVE-2020-35906 MISC |
rust — rust |
An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code). | 2020-12-31 | not yet calculated | CVE-2020-35905 MISC |
rust — rust |
An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.) | 2020-12-31 | not yet calculated | CVE-2020-35916 MISC |
rust — rust |
An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex<T> allows cross-thread sending of a non-Send type. | 2020-12-31 | not yet calculated | CVE-2020-35924 MISC |
rust — rust |
An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type. | 2020-12-31 | not yet calculated | CVE-2020-35925 MISC |
rust — rust |
An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | 2020-12-31 | not yet calculated | CVE-2020-35921 MISC |
rust — rust |
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled. | 2020-12-31 | not yet calculated | CVE-2020-35926 MISC |
rust — rust |
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | 2020-12-31 | not yet calculated | CVE-2020-35920 MISC |
rust — rust |
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | 2020-12-31 | not yet calculated | CVE-2020-35919 MISC |
rust — rust |
An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic. | 2020-12-31 | not yet calculated | CVE-2020-35918 MISC MISC |
rust — rust |
An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>. | 2020-12-31 | not yet calculated | CVE-2020-35917 MISC |
rust — rust |
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity. | 2020-12-31 | not yet calculated | CVE-2020-35890 MISC |
rust — rust |
An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN. | 2020-12-31 | not yet calculated | CVE-2020-35923 MISC |
rust — rust |
An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types. | 2020-12-31 | not yet calculated | CVE-2020-35915 MISC |
rust — rust |
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness. | 2020-12-31 | not yet calculated | CVE-2020-35914 MISC |
rust — rust |
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness. | 2020-12-31 | not yet calculated | CVE-2020-35913 MISC |
rust — rust |
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness. | 2020-12-31 | not yet calculated | CVE-2020-35912 MISC |
rust — rust |
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness. | 2020-12-31 | not yet calculated | CVE-2020-35911 MISC |
rust — rust |
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness. | 2020-12-31 | not yet calculated | CVE-2020-35910 MISC |
rust — rust |
An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server. | 2020-12-31 | not yet calculated | CVE-2020-35909 MISC |
rust — rust |
An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled. | 2020-12-31 | not yet calculated | CVE-2020-35908 MISC |
rust — rust |
An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference. | 2020-12-31 | not yet calculated | CVE-2020-35907 MISC |
rust — rust |
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free. | 2020-12-31 | not yet calculated | CVE-2020-35891 MISC |
rust — rust |
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. | 2020-12-31 | not yet calculated | CVE-2020-35883 MISC |
rust — rust |
An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike. | 2020-12-31 | not yet calculated | CVE-2020-35889 MISC |
rust — rust |
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly. | 2020-12-31 | not yet calculated | CVE-2020-35875 MISC |
rust — rust |
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template. | 2020-12-31 | not yet calculated | CVE-2020-35888 MISC |
rust — rust |
An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free. | 2020-12-31 | not yet calculated | CVE-2018-25001 MISC |
rust — rust |
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption. | 2020-12-31 | not yet calculated | CVE-2020-35857 MISC |
rust — rust |
An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM). | 2020-12-31 | not yet calculated | CVE-2020-35858 MISC |
rust — rust |
An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption. | 2020-12-31 | not yet calculated | CVE-2020-35859 MISC |
rust — rust |
An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code. | 2020-12-31 | not yet calculated | CVE-2020-35860 MISC |
rust — rust |
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys. | 2020-12-31 | not yet calculated | CVE-2020-35861 MISC |
rust — rust |
An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free. | 2020-12-31 | not yet calculated | CVE-2020-35862 MISC |
rust — rust |
An issue was discovered in the os_str_bytes crate before 2.0.0 for Rust. It has false expectations about char::from_u32_unchecked behavior. | 2020-12-31 | not yet calculated | CVE-2020-35865 MISC |
rust — rust |
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free. | 2020-12-31 | not yet calculated | CVE-2020-35874 MISC |
rust — rust |
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden. | 2020-12-31 | not yet calculated | CVE-2019-25010 MISC MISC |
rust — rust |
An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race. | 2020-12-31 | not yet calculated | CVE-2020-35876 MISC |
rust — rust |
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. | 2020-12-31 | not yet calculated | CVE-2020-35878 MISC |
rust — rust |
An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut. | 2020-12-31 | not yet calculated | CVE-2020-35879 MISC |
rust — rust |
An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation. | 2020-12-31 | not yet calculated | CVE-2020-35880 MISC |
rust — rust |
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x. | 2020-12-31 | not yet calculated | CVE-2020-35881 MISC |
rust — rust |
An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race. | 2020-12-31 | not yet calculated | CVE-2020-35882 MISC |
rust — rust |
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header. | 2020-12-31 | not yet calculated | CVE-2020-35884 MISC |
rust — rust |
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation. | 2020-12-31 | not yet calculated | CVE-2020-35885 MISC |
rust — rust |
An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race. | 2020-12-31 | not yet calculated | CVE-2020-35886 MISC |
rust — rust |
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access. | 2020-12-31 | not yet calculated | CVE-2020-35877 MISC |
rust — rust |
An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut. | 2020-12-31 | not yet calculated | CVE-2020-35887 MISC |
rustcrypto — chacha20 |
An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext. | 2020-12-31 | not yet calculated | CVE-2019-25005 MISC |
rustcrypto — hashes |
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic. | 2020-12-31 | not yet calculated | CVE-2019-25007 MISC |
rustcrypto — hashes |
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer. | 2020-12-31 | not yet calculated | CVE-2019-25006 MISC |
sentrifugo — sentrifugo |
** UNSUPPORTED WHEN ASSIGNED ** Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-12-30 | not yet calculated | CVE-2020-28365 MISC MISC |
seopanel — seopanel |
Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. | 2020-12-31 | not yet calculated | CVE-2020-35930 MISC |
seopanel — seopanel |
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. | 2021-01-01 | not yet calculated | CVE-2021-3002 MISC MISC |
smsecgroup — sm-vul |
An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack. | 2020-12-30 | not yet calculated | CVE-2019-15080 MISC MISC |
smsecgroup — sm-vul |
A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free. | 2020-12-30 | not yet calculated | CVE-2019-15079 MISC |
smsecgroup — sm-vul |
An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free. | 2020-12-30 | not yet calculated | CVE-2019-15078 MISC |
sodiumoxide — sodiumoxide |
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties. | 2020-12-31 | not yet calculated | CVE-2019-25002 MISC |
sysdream — usvn |
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069. | 2020-12-31 | not yet calculated | CVE-2020-17363 MISC |
team_amaze — amaze_file_manager |
The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER). | 2020-12-30 | not yet calculated | CVE-2020-35173 MISC CONFIRM MISC |
tenda — ac1200 |
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. | 2020-12-30 | not yet calculated | CVE-2020-28095 MISC |
tenda — n300 |
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device’s HTTP response behavior. | 2021-01-01 | not yet calculated | CVE-2020-35391 MISC |
umbraco — umbraco | A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload. | 2020-12-30 | not yet calculated | CVE-2020-5810 MISC |
umbraco — umbraco | A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS. | 2020-12-30 | not yet calculated | CVE-2020-5809 MISC |
umbraco — umbraco |
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. | 2020-12-30 | not yet calculated | CVE-2020-5811 MISC |
webswing — jslink |
JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution. | 2020-12-30 | not yet calculated | CVE-2020-11103 CONFIRM CONFIRM |
wondercms — wondercms |
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload. | 2020-12-30 | not yet calculated | CVE-2020-29233 MISC |
wondercms — wondercms |
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting – Menu and each time any user will visits the website directory, the XSS triggers and attacker can steal the cookie according to the crafted payload. | 2020-12-30 | not yet calculated | CVE-2020-29469 MISC |
wordpress — wordpress | The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin). | 2021-01-01 | not yet calculated | CVE-2020-35934 MISC |
wordpress — wordpress | The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.) | 2021-01-01 | not yet calculated | CVE-2020-35935 MISC |
wordpress — wordpress | An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files). | 2021-01-01 | not yet calculated | CVE-2020-35951 MISC MISC |
wordpress — wordpress | An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint). | 2021-01-01 | not yet calculated | CVE-2020-35950 MISC MISC |
wordpress — wordpress | An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file. | 2021-01-01 | not yet calculated | CVE-2020-35949 MISC MISC |
wordpress — wordpress | An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump. | 2021-01-01 | not yet calculated | CVE-2020-35948 MISC MISC |
wordpress — wordpress | An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce was present in a publicly viewable page. The greatest impact was the pagelayer_save_content function that allowed pages to be modified and allowed XSS to occur. | 2021-01-01 | not yet calculated | CVE-2020-35947 MISC MISC |
wordpress — wordpress | An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS. | 2021-01-01 | not yet calculated | CVE-2020-35946 MISC MISC |
wordpress — wordpress | An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side. | 2021-01-01 | not yet calculated | CVE-2020-35945 MISC MISC |
wordpress — wordpress | An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS. | 2021-01-01 | not yet calculated | CVE-2020-35944 MISC MISC |
wordpress — wordpress | PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. | 2021-01-01 | not yet calculated | CVE-2020-35939 MISC |
wordpress — wordpress | PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. | 2021-01-01 | not yet calculated | CVE-2020-35938 MISC |
wordpress — wordpress | Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. | 2021-01-01 | not yet calculated | CVE-2020-35937 MISC |
wordpress — wordpress | Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. | 2021-01-01 | not yet calculated | CVE-2020-35936 MISC |
wordpress — wordpress |
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes. | 2021-01-01 | not yet calculated | CVE-2020-35932 MISC |
wordpress — wordpress |
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter. | 2021-01-01 | not yet calculated | CVE-2020-35933 MISC |
zyxel — zyxel |
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. | 2020-12-27 | not yet calculated | CVE-2020-29299 MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.