Vulnerability Summary for the Week of February 22, 2021

Original release date: March 1, 2021

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
alleghenycreative — openrepeater OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. 2021-02-19 10 CVE-2019-25024
MISC
MISC
amaze_file_manager_project — amaze_file_manager Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. 2021-02-19 7.2 CVE-2020-36246
MISC
MISC
arubanetworks — clearpass_policy_manager A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. 2021-02-23 9 CVE-2021-26679
MISC
arubanetworks — clearpass_policy_manager A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. 2021-02-23 9 CVE-2021-26684
MISC
arubanetworks — clearpass_policy_manager A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. 2021-02-23 9 CVE-2021-26683
MISC
arubanetworks — clearpass_policy_manager A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. 2021-02-23 9 CVE-2021-26680
MISC
arubanetworks — clearpass_policy_manager A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges. 2021-02-23 7.2 CVE-2021-26677
MISC
atlassian — alfresco_enterprise_content_management An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco. 2021-02-19 9 CVE-2020-12873
MISC
MISC
atlassian — jira An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. 2021-02-22 9 CVE-2021-26068
MISC
bloodhound_project — bloodhound components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter. 2021-02-19 9.3 CVE-2021-3210
MISC
MISC
MISC
botan_project — botan In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex). 2021-02-22 7.5 CVE-2021-24115
CONFIRM
MISC
MISC
collaboraoffice — online “loolforkit” is a privileged program that is supposed to be run by a special, non-privileged “lool” user. Before doing anything else, “loolforkit” checks whether it was invoked by the “lool” user and refuses to run with privileges if that is not the case. In the vulnerable version of “loolforkit” this check was wrong, so a normal user could start “loolforkit” and eventually get local root privileges. 2021-02-23 7.2 CVE-2021-25630
MISC
MISC
eyesofnetwork — eyesofnetwork EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). 2021-02-22 7.5 CVE-2021-27514
MISC
MISC
geojson2kml_project — geojson2kml All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a = require("geojson2kml"); a("./", "& touch JHU", function(){}) 2021-02-23 7.5 CVE-2020-28429
CONFIRM
inspur — clusterengine A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server. 2021-02-22 10 CVE-2020-21224
MISC
MISC
linux — linux_kernel A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if the sco_sock_getsockopt function in net/bluetooth/sco.c does not have a sanity check for a socket connection when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DoS) or leak kernel internal information. 2021-02-19 7.2 CVE-2020-35499
MISC
microsoft — .net .NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701. 2021-02-25 7.5 CVE-2021-24112
N/A
microsoft — .net .NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112. 2021-02-25 7.5 CVE-2021-26701
N/A
netshieldcorp — nano_25_firmware On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely. 2021-02-22 9 CVE-2021-3149
MISC
MISC
nozominetworks — central_management_control OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions. 2021-02-22 9 CVE-2021-26724
CONFIRM
nuance-gulp-build-common_project — nuance-gulp-build-common All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: var a = require("nuance-gulp-build-common"); a.run("touch JHU") 2021-02-23 7.5 CVE-2020-28430
MISC
qualcomm — apq8009 A buffer overflow can occur when playing an MKV clip due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-02-22 7.5 CVE-2020-11283
CONFIRM
qualcomm — apq8009_firmware Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-02-22 10 CVE-2020-11170
CONFIRM
qualcomm — apq8009_firmware Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-02-22 7.2 CVE-2020-11195
CONFIRM
qualcomm — apq8009_firmware User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-02-22 7.2 CVE-2020-11177
CONFIRM
qualcomm — apq8017_firmware Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-02-22 10 CVE-2020-11163
CONFIRM
qualcomm — aqt1000_firmware Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2021-02-22 7.2 CVE-2020-11223
CONFIRM
qualcomm — aqt1000_firmware Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-02-22 7.2 CVE-2020-11194
CONFIRM
qualcomm — aqt1000_firmware Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile 2021-02-22 7.2 CVE-2020-11187
CONFIRM
redhat — jboss_fuse A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. 2021-02-23 7.8 CVE-2020-27782
MISC
redhat — keycloak A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers. 2021-02-23 7.5 CVE-2020-14359
MISC
MISC
shinobi — shinobi_pro An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names (such as constructor or hasOwnProperty) to convince the System that the supplied API Key exists in the underlying JS object, and consequently achieve complete access to User/Admin/Super API functions, as demonstrated by a /super/constructor/accounts/list URI. 2021-02-22 7.5 CVE-2021-27228
MISC
MISC
MISC
smarty — smarty Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. 2021-02-22 7.5 CVE-2021-26120
MISC
sytech — xlreporter An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation. 2021-02-19 7.2 CVE-2020-13549
MISC
theme-core_project — theme-core All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by the main entry of the package. PoC: var a = require("theme-core"); a.utils.sh("touch JHU") 2021-02-23 7.5 CVE-2020-28432
MISC
tribe29 — checkmk Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory. 2021-02-19 7.2 CVE-2020-24908
MISC
wc-cmd_project — wc-cmd All versions of package wc-cmd are vulnerable to Command Injection via the index.js file. PoC: var a = require("wc-cmd"); a("touch JHU") 2021-02-23 7.5 CVE-2020-28431
MISC
yithemes — woocommerce_gift_cards An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images. 2021-02-22 10 CVE-2021-3120
MISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acronis — cyber_protect An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur. 2021-02-22 5 CVE-2020-35556
MISC
MISC
acronis — cyber_protect An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console. 2021-02-22 4.3 CVE-2020-35664
MISC
MISC
adobe — acrobat Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability. 2021-02-23 4.3 CVE-2020-29075
CONFIRM
adobe — bridge Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-02-25 6.8 CVE-2021-21065
MISC
adobe — bridge Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-02-25 6.8 CVE-2021-21066
MISC
advantech — webaccess/scada The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. 2021-02-23 6.5 CVE-2020-25161
MISC
aida64 — aida64 Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. 2021-02-19 4.6 CVE-2020-19513
EXPLOIT-DB
apache — myfaces In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application. 2021-02-19 6.8 CVE-2021-26296
MISC
FULLDISC
MISC
arubanetworks — clearpass_policy_manager A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the guest portal interface. 2021-02-23 4.3 CVE-2021-26682
MISC
arubanetworks — clearpass_policy_manager A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database. 2021-02-23 5.5 CVE-2021-26686
MISC
arubanetworks — clearpass_policy_manager A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database. 2021-02-23 5.5 CVE-2021-26685
MISC
arubanetworks — clearpass_policy_manager A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition. A successful exploit could allow a local attacker to execute arbitrary code within the context the binary is running in, which is a lower privileged account. 2021-02-23 4.6 CVE-2020-7120
MISC
asus — askey_rtf8115vw_firmware Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. 2021-02-19 5.8 CVE-2021-27404
MISC
asus — askey_rtf8115vw_firmware Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. 2021-02-19 4.3 CVE-2021-27403
MISC
atlassian — confluence The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. 2021-02-22 5 CVE-2020-29448
MISC
carrier — webctrl_system Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request. 2021-02-22 4.3 CVE-2020-19762
MISC
chamilo — chamilo Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. 2021-02-19 4.3 CVE-2021-26746
CONFIRM
MISC
MISC
cira — canadian_shield The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation. 2021-02-23 4.3 CVE-2021-27189
MISC
FULLDISC
MISC
cnesty — helpcom Helpcom before v10.0 contains a file download and execution vulnerability caused by storing a hardcoded cryptographic key. It ultimately leads to file download and execution via access to a crafted web page. 2021-02-24 6.8 CVE-2020-7846
CONFIRM
digium — asterisk A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch. 2021-02-19 4 CVE-2021-26713
MISC
MISC
MISC
djangoproject — channels Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channels 3.0. In many cases this would result in a crash but, with correct timing, responses could be sent to the wrong client, resulting in potential leakage of session identifiers and other sensitive data. Note that this affects only the legacy Channels provided class, and not Django’s similar ASGIHandler, available from Django 3.0. 2021-02-22 5.8 CVE-2020-35681
CONFIRM
MISC
MISC
docsifyjs — docsify This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters. 2021-02-19 4.3 CVE-2021-23342
MISC
FULLDISC
MISC
MISC
MISC
eyesofnetwork — eyesofnetwork The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on “le filtre userside.” 2021-02-22 6.5 CVE-2021-27513
MISC
MISC
fujielectric — v-server The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. 2021-02-19 6.8 CVE-2020-25171
MISC
genymobile — genymotion_desktop ** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host’s clipboard data to the Android application by default. NOTE: the vendor’s position is that this is intended behavior that can be changed through the Settings > Device screen. 2021-02-22 5 CVE-2021-27549
MISC
MISC
MISC
MISC
MISC
MISC
MISC
getgist — chatbox Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS. 2021-02-23 4.3 CVE-2020-35852
MISC
MISC
MISC
gnu — glibc The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. 2021-02-24 4.9 CVE-2021-27645
MISC
google — chrome Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-02-22 6.8 CVE-2021-21152
MISC
MISC
FEDORA
google — chrome Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2021-02-22 6.8 CVE-2021-21151
MISC
MISC
FEDORA
google — chrome Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. 2021-02-22 6.8 CVE-2021-21149
MISC
MISC
FEDORA
google — chrome Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 2021-02-22 6.8 CVE-2021-21153
MISC
MISC
FEDORA
google — chrome Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2021-02-22 6.8 CVE-2021-21150
MISC
MISC
FEDORA
google — chrome Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2021-02-22 6.8 CVE-2021-21154
MISC
MISC
FEDORA
google — chrome Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-02-22 6.8 CVE-2021-21157
MISC
MISC
FEDORA
google — chrome Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. 2021-02-22 6.8 CVE-2021-21156
MISC
MISC
FEDORA
google — chrome Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2021-02-22 6.8 CVE-2021-21155
MISC
MISC
FEDORA
google — rendertron Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome’s access to your internal domain. 2021-02-23 4 CVE-2020-8902
CONFIRM
google — slashify The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. 2021-02-19 5.8 CVE-2021-3189
MISC
MISC
hubspot — jinjava Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure. 2021-02-19 6.8 CVE-2020-12668
MISC
MISC
MISC
MISC
MISC
ibm — planning_analytics IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization’s internal structure by exposing sensitive information in HTTP responses. IBM X-Force ID: 192029. 2021-02-23 4 CVE-2020-4953
XF
CONFIRM
imagemagick — imagemagick In ImageMagick, there is an outside the range of representable values of type ‘unsigned int’ at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. 2021-02-23 4.3 CVE-2020-27768
MISC
intel — bmc_firmware Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access. 2021-02-19 4.6 CVE-2020-12374
MISC
iptime — nas-i_firmware The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: ipTIME NAS 1.4.36. 2021-02-23 5.2 CVE-2020-7847
CONFIRM
jasper_project — jasper A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service. 2021-02-23 4.3 CVE-2021-26927
MISC
MISC
jasper_project — jasper A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function which may lead to disclosure of information or program crash. 2021-02-23 5.8 CVE-2021-26926
MISC
MISC
jenkins — claim A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims. 2021-02-24 4.3 CVE-2021-21620
CONFIRM
jenkins — configuration_slicing A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations. 2021-02-24 6.8 CVE-2021-21617
MLIST
CONFIRM
jenkins — support_core Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the “About user (basic authentication details only)” information, which can include the session ID of the user creating the support bundle in some configurations. 2021-02-24 5 CVE-2021-21621
CONFIRM
johnsoncontrols — metasys_reporting_engine Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. 2021-02-19 5 CVE-2020-9050
CONFIRM
CERT
kaco-newenergy — xp100u_firmware KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability. 2021-02-23 5 CVE-2021-3252
MISC
MISC
MISC
libxls_project — libxls An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file. 2021-02-23 4.3 CVE-2020-27819
MISC
linux — linux_kernel A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system. The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. 2021-02-23 6.1 CVE-2021-20226
MISC
linux — linux_kernel There is a vulnerability in the Linux kernel versions higher than 5.2 (if the kernel is compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt is registered). As a result of BPF execution, the local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of the attack could be denial of service or possibly privilege escalation. 2021-02-23 4.6 CVE-2021-20194
MISC
luxion — keyshot Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code. 2021-02-23 6.8 CVE-2021-22649
MISC
luxion — keyshot Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. 2021-02-23 6.8 CVE-2021-22643
MISC
luxion — keyshot Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning. 2021-02-23 6.8 CVE-2021-22645
MISC
luxion — keyshot Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code. 2021-02-23 6.8 CVE-2021-22647
MISC
luxion — keyshot When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders. 2021-02-23 6.8 CVE-2021-22651
MISC
mailtrain — mailtrain Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped. 2021-02-19 6 CVE-2020-24617
MISC
MISC
mantisbt — mantisbt An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings. 2021-02-22 4.3 CVE-2020-35571
MISC
mbsync_project — mbsync A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing ‘..’ path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. 2021-02-23 5.8 CVE-2021-20247
MISC
MISC
microsoft — .net .NET Core and Visual Studio Denial of Service Vulnerability 2021-02-25 4.3 CVE-2021-1721
N/A
microsoft — modernflow ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. 2021-02-19 4 CVE-2021-3339
MISC
MISC
nanohttpd — nanohttpd An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization. 2021-02-23 4.3 CVE-2020-13697
MISC
MISC
nozominetworks — central_management_control Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions. 2021-02-22 4 CVE-2021-26725
CONFIRM
openenergymonitor — emoncms Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter. 2021-02-21 4.3 CVE-2021-26716
MISC
osc — open_ondemand Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. 2021-02-19 6.8 CVE-2020-36247
MISC
owncloud — file_firewall The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. 2021-02-19 5 CVE-2020-36249
MISC
owncloud — owncloud An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack. 2021-02-19 6.5 CVE-2020-10252
MISC
CONFIRM
MISC
owncloud — owncloud An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview. 2021-02-19 4.3 CVE-2020-10254
MISC
CONFIRM
MISC
owncloud — owncloud ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else’s access to that share. 2021-02-19 4 CVE-2020-36251
MISC
png-img_project — png-img An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file. 2021-02-20 6.8 CVE-2020-28248
MISC
MISC
MISC
MISC
polarisoffice — polaris_office Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file. 2021-02-23 4.3 CVE-2021-27550
MISC
postgresql — postgresql A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. 2021-02-23 4 CVE-2021-20229
MISC
qualcomm — apq8009 An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. 2021-02-22 4.6 CVE-2020-11286
CONFIRM
qualcomm — apq8009 Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-02-22 5 CVE-2020-11296
CONFIRM
qualcomm — apq8009 Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-02-22 4.6 CVE-2020-11282
CONFIRM
qualcomm — aqt1000 Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking. 2021-02-22 5 CVE-2020-11287
CONFIRM
qualcomm — aqt1000_firmware Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile 2021-02-22 4.6 CVE-2020-11147
CONFIRM
redhat — 3scale_api_management A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability. 2021-02-23 6.8 CVE-2021-20252
MISC
redhat — openshift_container_platform A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the cluster admin. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-02-23 6.5 CVE-2021-20182
MISC
redhat — openshift_installer A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-02-23 6.8 CVE-2021-20198
MISC
redhat — satellite A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-02-23 4.6 CVE-2021-20256
MISC
scrapbox-parser_project — scrapbox-parser A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js. 2021-02-19 5 CVE-2021-27405
MISC
MISC
MISC
se — powerlogic_ion7400_firmware A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device. 2021-02-19 5 CVE-2021-22702
MISC
se — powerlogic_ion7400_firmware A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device. 2021-02-19 5 CVE-2021-22703
MISC
smartstore — smartstorenet An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account). 2021-02-19 6.8 CVE-2020-27997
MISC
MISC
smarty — smarty Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. 2021-02-22 5 CVE-2021-26119
MISC
snowsoftware — snow_inventory Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings. 2021-02-23 6.8 CVE-2021-27579
MISC
softmaker — planmaker_2021 A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). 2021-02-23 6.8 CVE-2020-28587
MISC
stunnel — stunnel A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality. 2021-02-23 5 CVE-2021-20230
MISC
MISC
tasks — tasks “Tasks” application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions. 2021-02-22 4.6 CVE-2020-22475
MISC
MISC
telegram — telegram The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. 2021-02-19 5 CVE-2021-27351
MISC
twitter-stream_project — twitter-stream In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused). 2021-02-19 4.3 CVE-2020-24392
MISC
MISC
ui — unifi_protect_controller UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash. 2021-02-23 5 CVE-2021-22882
MISC
MISC
urijs_project — urijs URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. 2021-02-22 5 CVE-2021-27516
MISC
MISC
url-parse_project — url-parse url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. 2021-02-22 5 CVE-2021-27515
MISC
MISC
MISC
we-con — levistudiou Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. 2021-02-23 6.8 CVE-2020-16243
MISC
webware — webdesktop SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server. 2021-02-19 4 CVE-2021-3204
MISC
yeastar — neogate_tg400_firmware Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key. 2021-02-19 4 CVE-2021-27328
MISC
MISC
MISC
yz1 — yz1 Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling. 2021-02-22 6.8 CVE-2020-24175
MISC
MISC
MISC
MISC
zohocorp — manageengine_adselfservice_plus A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. 2021-02-19 4.3 CVE-2021-27214
MISC
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — livy Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users’ sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating. 2021-02-20 3.5 CVE-2021-26544
MLIST
CONFIRM
CONFIRM
appspace — appspace A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes. 2021-02-22 3.5 CVE-2021-27564
MISC
custom_global_variables_project — custom_global_variables Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field. 2021-02-25 3.5 CVE-2021-3124
MISC
MISC
dell — emc_powerprotect_cyber_recovery Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. 2021-02-19 3.6 CVE-2021-21512
MISC
fastadmin — fastadmin fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background. 2021-02-23 3.5 CVE-2020-26609
MISC
MISC
MISC
jenkins — active_choices Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2021-02-24 3.5 CVE-2021-21616
MLIST
CONFIRM
jenkins — artifact_repository_parameter Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2021-02-24 3.5 CVE-2021-21622
CONFIRM
jenkins — claim Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins. 2021-02-24 3.5 CVE-2021-21619
MLIST
CONFIRM
jenkins — repository_connector Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2021-02-24 3.5 CVE-2021-21618
CONFIRM
keybase — keybase Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the “Explode message/Explode now” functionality. Local filesystem access is needed by the attacker. 2021-02-23 2.1 CVE-2021-23827
MISC
MISC
MISC
lightcms_project — lightcms A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords. 2021-02-24 3.5 CVE-2021-3355
MISC
MISC
monicahq — monica The Contact page in Monica 2.19.1 allows stored XSS via the First Name field. 2021-02-22 3.5 CVE-2021-27368
MISC
MISC
monicahq — monica The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field. 2021-02-22 3.5 CVE-2021-27370
MISC
MISC
MISC
monicahq — monica The Contact page in Monica 2.19.1 allows stored XSS via the Description field. 2021-02-22 3.5 CVE-2021-27371
MISC
MISC
monicahq — monica The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field. 2021-02-22 3.5 CVE-2021-27559
MISC
MISC
monicahq — monica The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field. 2021-02-22 3.5 CVE-2021-27369
MISC
MISC
mybb — mybb MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode). 2021-02-22 3.5 CVE-2021-27279
CONFIRM
CONFIRM
MISC
owncloud — owncloud ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. 2021-02-19 2.7 CVE-2020-36252
MISC
owncloud — owncloud The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. 2021-02-19 2.1 CVE-2020-36248
MISC
owncloud — owncloud In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. 2021-02-19 2.1 CVE-2020-36250
MISC
se — powerlogic_ion7400_firmware A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface. 2021-02-19 3.5 CVE-2021-22701
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — ac500_v2_products
 
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. 2021-02-26 not yet calculated CVE-2020-24686
CONFIRM
advantech — bb-eswgp506-2sfp-t
 
BB-ESWGP506-2SFP-T versions 1.01.09 and prior are vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior). 2021-02-24 not yet calculated CVE-2021-22667
MISC
aiohttp — aiohttp
 
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows “pip install aiohttp >= 3.7.4”. If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications. 2021-02-26 not yet calculated CVE-2021-21330
MISC
MISC
CONFIRM
MISC
DEBIAN
amazon — pay_plugin
 
best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor. 2021-02-26 not yet calculated CVE-2020-28199
MISC
MISC
apache — batik
 
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. 2021-02-24 not yet calculated CVE-2020-11987
MISC
apache — xmlgraphics_comms
 
Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. 2021-02-24 not yet calculated CVE-2020-11988
MISC
appspace — appspace
 
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. 2021-02-25 not yet calculated CVE-2021-27670
MISC
aruba — clearpass_policy_manager
 
A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. 2021-02-23 not yet calculated CVE-2021-26678
MISC
aruba — clearpass_policy_manager
 
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. 2021-02-23 not yet calculated CVE-2021-26681
MISC
atlassian — gadgets
 
The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled. 2021-02-22 not yet calculated CVE-2020-36232
MISC
atlassian — jira
 
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. 2021-02-22 not yet calculated CVE-2020-29453
MISC
bosch — video_recording_manager
 
Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM. 2021-02-26 not yet calculated CVE-2019-11684
CONFIRM
brave — brave
 
Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108. 2021-02-23 not yet calculated CVE-2021-21323
MISC
CONFIRM
MISC
MISC
MISC
cisco — aci_multi-site_orchestrator
 
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices. 2021-02-24 not yet calculated CVE-2021-1388
CISCO
cisco — anyconnect_secure_mobility_client
 
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. Note: The process under attack will automatically restart so no action is needed by the user or admin. 2021-02-24 not yet calculated CVE-2021-1450
CISCO
cisco — application_services_engine
 
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory. 2021-02-24 not yet calculated CVE-2021-1393
CISCO
cisco — application_services_engine
 
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory. 2021-02-24 not yet calculated CVE-2021-1396
CISCO
cisco — fxos_and_nx-os
 
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability. 2021-02-24 not yet calculated CVE-2021-1368
CISCO
cisco — nexus_9000_series_fabric_switches A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploit could allow the attacker to disable switching on the SFP interface, which could disrupt network traffic. 2021-02-24 not yet calculated CVE-2021-1231
CISCO
cisco — nexus_9000_series_fabric_switches A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing. 2021-02-24 not yet calculated CVE-2021-1361
CISCO
cisco — nexus_9000_series_fabric_switches
 
A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. This vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a crafted LLDP packet on the adjacent subnet to an affected device. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints. 2021-02-24 not yet calculated CVE-2021-1228
CISCO
cisco — nexus_9000_series_fabric_switches
 
A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS) condition. This vulnerability is due to an issue with the installation of routes upon receipt of a BGP update. An attacker could exploit this vulnerability by sending a crafted BGP update to an affected device. A successful exploit could allow the attacker to cause the routing process to crash, which could cause the device to reload. This vulnerability applies to both Internal BGP (IBGP) and External BGP (EBGP). Note: The Cisco implementation of BGP accepts incoming BGP traffic from explicitly configured peers only. To exploit this vulnerability, an attacker would need to send a specific BGP update message over an established TCP connection that appears to come from a trusted BGP peer. 2021-02-24 not yet calculated CVE-2021-1230
CISCO
cisco — nx-os A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory. 2021-02-24 not yet calculated CVE-2021-1387
CISCO
cisco — nx-os
 
A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an IPv6-configured interface receives a specific type of ICMPv6 packet. An attacker could exploit this vulnerability by sending a sustained rate of crafted ICMPv6 packets to a local IPv6 address on a targeted device. A successful exploit could allow the attacker to cause a system memory leak in the ICMPv6 process on the device. As a result, the ICMPv6 process could run out of system memory and stop processing traffic. The device could then drop all ICMPv6 packets, causing traffic instability on the device. Restoring device functionality would require a device reboot. 2021-02-24 not yet calculated CVE-2021-1229
CISCO
cisco — nx-os
 
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default. 2021-02-24 not yet calculated CVE-2021-1227
CISCO
cisco — nx-os
 
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition. 2021-02-24 not yet calculated CVE-2021-1367
CISCO
comrak_crate — comrak_crate
 
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack. 2021-02-25 not yet calculated CVE-2021-27671
MISC
contec — solarview_compact Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors. 2021-02-24 not yet calculated CVE-2021-20657
MISC
MISC
MISC
contec — solarview_compact SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors. 2021-02-24 not yet calculated CVE-2021-20658
MISC
MISC
MISC
contec — solarview_compact Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. 2021-02-24 not yet calculated CVE-2021-20661
MISC
MISC
MISC
contec — solarview_compact Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors. 2021-02-24 not yet calculated CVE-2021-20662
MISC
MISC
MISC
contec — solarview_compact
 
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors. 2021-02-24 not yet calculated CVE-2021-20656
MISC
MISC
MISC
contec — solarview_compact
 
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is a PHP script, an attacker may execute arbitrary code. 2021-02-24 not yet calculated CVE-2021-20659
MISC
MISC
MISC
contec — solarview_compact
 
Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors. 2021-02-24 not yet calculated CVE-2021-20660
MISC
MISC
MISC
directus — directus ** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-02-23 not yet calculated CVE-2021-26594
MISC
directus — directus
 
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by viewing the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-02-23 not yet calculated CVE-2021-26595
MISC
directus — directus
 
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-02-23 not yet calculated CVE-2021-27583
MISC
directus — directus
 
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-02-23 not yet calculated CVE-2021-26593
MISC
dropbear — dropbear
 
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. 2021-02-25 not yet calculated CVE-2020-36254
MISC
eclipse — jetty
 
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. 2021-02-26 not yet calculated CVE-2020-27223
CONFIRM
CONFIRM
eclipse — theia
 
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code. 2021-02-24 not yet calculated CVE-2020-27224
CONFIRM
ewelink — ewelink
 
Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process. 2021-02-24 not yet calculated CVE-2020-12702
MISC
MISC
MISC
MISC
fontforge — fontforge
 
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2021-02-23 not yet calculated CVE-2020-25690
MISC
gnu — c_library
 
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. 2021-02-26 not yet calculated CVE-2020-27618
MISC
MISC
google — android In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05466547. 2021-02-26 not yet calculated CVE-2021-0405
MISC
google — android In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085. 2021-02-26 not yet calculated CVE-2021-0367
MISC
google — android In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05471418. 2021-02-26 not yet calculated CVE-2021-0406
MISC
google — android In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265. 2021-02-26 not yet calculated CVE-2021-0401
MISC
google — android
 
In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124. 2021-02-26 not yet calculated CVE-2021-0403
MISC
google — android
 
In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039. 2021-02-26 not yet calculated CVE-2021-0404
MISC
google — android
 
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093. 2021-02-26 not yet calculated CVE-2021-0366
MISC
google — android
 
In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311. 2021-02-26 not yet calculated CVE-2021-0402
MISC
gopeak — masterlab
 
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the ‘source’ parameter. 2021-02-25 not yet calculated CVE-2020-23534
MISC
gotenberg — thecodingmachine
 
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src=’file:///etc/passwd’>. 2021-02-26 not yet calculated CVE-2021-23345
MISC
MISC
i-doit — i-doit
 
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS. 2021-02-27 not yet calculated CVE-2021-3151
MISC
MISC
ibm — multiple_products
 
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. 2021-02-24 not yet calculated CVE-2020-4931
XF
CONFIRM
kaspersky — rescue_disk
 
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed bypassing the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component. 2021-02-26 not yet calculated CVE-2020-26200
MISC
keylime — keylime
 
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations. 2021-02-25 not yet calculated CVE-2021-3406
MISC
MISC
libcaca — libcaca
 
A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. 2021-02-23 not yet calculated CVE-2021-3410
MISC
MISC
libebml — libebml
 
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. 2021-02-23 not yet calculated CVE-2021-3405
MISC
lma — isida_retriever
 
LMA ISIDA Retriever 5.2 allows SQL Injection. 2021-02-26 not yet calculated CVE-2021-26904
MISC
MISC
lma — isida_retriever
 
LMA ISIDA Retriever 5.2 is vulnerable to XSS via query[‘text’]. 2021-02-26 not yet calculated CVE-2021-26903
MISC
MISC
magento — upward-php
 
Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which allow reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation. 2021-02-25 not yet calculated CVE-2021-21064
MISC
MISC
micro_focus — solutions_business_manager Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation. 2021-02-26 not yet calculated CVE-2019-18945
CONFIRM
micro_focus — solutions_business_manager Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure. 2021-02-26 not yet calculated CVE-2019-18947
CONFIRM
micro_focus — solutions_business_manager
 
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding. 2021-02-26 not yet calculated CVE-2019-18942
CONFIRM
micro_focus — solutions_business_manager
 
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. 2021-02-26 not yet calculated CVE-2019-18943
MISC
micro_focus — solutions_business_manager
 
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. 2021-02-26 not yet calculated CVE-2019-18944
CONFIRM
micro_focus — solutions_business_manager
 
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation. 2021-02-26 not yet calculated CVE-2019-18946
CONFIRM
microsoft — azure
 
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability 2021-02-25 not yet calculated CVE-2021-24109
N/A
microsoft — azure
 
Azure IoT CLI extension Elevation of Privilege Vulnerability 2021-02-25 not yet calculated CVE-2021-24087
N/A
microsoft — dynamics_365 Microsoft Dataverse Information Disclosure Vulnerability 2021-02-25 not yet calculated CVE-2021-24101
N/A
microsoft — dynamics_business_central
 
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability 2021-02-25 not yet calculated CVE-2021-1724
N/A
microsoft — edge
 
Microsoft Edge for Android Information Disclosure Vulnerability 2021-02-25 not yet calculated CVE-2021-24100
N/A
microsoft — edge
 
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 2021-02-25 not yet calculated CVE-2021-24113
N/A
microsoft — excel Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24070. 2021-02-25 not yet calculated CVE-2021-24069
N/A
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24069. 2021-02-25 not yet calculated CVE-2021-24070
N/A
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24068, CVE-2021-24069, CVE-2021-24070. 2021-02-25 not yet calculated CVE-2021-24067
N/A
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24069, CVE-2021-24070. 2021-02-25 not yet calculated CVE-2021-24068
N/A
microsoft — exchange_server Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-1730. 2021-02-25 not yet calculated CVE-2021-24085
N/A
microsoft — exchange_server
 
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-24085. 2021-02-25 not yet calculated CVE-2021-1730
N/A
microsoft — installer
 
Windows Installer Elevation of Privilege Vulnerability 2021-02-25 not yet calculated CVE-2021-1727
N/A
microsoft — package_managers_configurations
 
Package Managers Configurations Remote Code Execution Vulnerability 2021-02-25 not yet calculated CVE-2021-24105
N/A
microsoft — powershell
 
Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability 2021-02-25 not yet calculated CVE-2021-24082
N/A
microsoft — sharepoint Microsoft SharePoint Server Remote Code Execution Vulnerability 2021-02-25 not yet calculated CVE-2021-24072
N/A
microsoft — sharepoint
 
Microsoft SharePoint Spoofing Vulnerability 2021-02-25 not yet calculated CVE-2021-1726
N/A
microsoft — sharepoint
 
Microsoft SharePoint Information Disclosure Vulnerability 2021-02-25 not yet calculated CVE-2021-24071
N/A
microsoft — sharepoint
 
Microsoft SharePoint Remote Code Execution Vulnerability 2021-02-25 not yet calculated CVE-2021-24066
N/A
microsoft — skype
 
Skype for Business and Lync Denial of Service Vulnerability 2021-02-25 not yet calculated CVE-2021-24099
N/A
microsoft — skype
 
Skype for Business and Lync Spoofing Vulnerability 2021-02-25 not yet calculated CVE-2021-24073
N/A
microsoft — teams
 
Microsoft Teams iOS Information Disclosure Vulnerability 2021-02-25 not yet calculated CVE-2021-24114
N/A
microsoft — visual_studio_code Visual Studio Code npm-script Extension Remote Code Execution Vulnerability 2021-02-25 not yet calculated CVE-2021-26700
N/A
microsoft — visual_studio_code
 
Visual Studio Code Remote Code Execution Vulnerability 2021-02-25 not yet calculated CVE-2021-1639
N/A
microsoft — windows Windows DirectX Information Disclosure Vulnerability 2021-02-25 not yet calculated CVE-2021-24106
N/A
microsoft — windows Windows Local Spooler Remote Code Execution Vulnerability 2021-02-25 not yet calculated CVE-2021-24088
N/A
microsoft — windows .NET Framework Denial of Service Vulnerability 2021-02-25 not yet calculated CVE-2021-24111
N/A
microsoft — windows Microsoft Windows Codecs Library Remote Code Execution Vulnerability 2021-02-25 not yet calculated CVE-2021-24081
N/A
microsoft — windows Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24102. 2021-02-25 not yet calculated CVE-2021-24103
N/A
microsoft — windows Windows Camera Codec Pack Remote Code Execution Vulnerability 2021-02-25 not yet calculated CVE-2021-24091
N/A
microsoft — windows Windows Console Driver Denial of Service Vulnerability 2021-02-25 not yet calculated CVE-2021-24098
N/A
microsoft — windows Windows Address Book Remote Code Execution Vulnerability 2021-02-25 not yet calculated CVE-2021-24083
N/A
microsoft — windows Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24074. 2021-02-25 not yet calculated CVE-2021-24094
N/A
microsoft — windows
 
Microsoft Defender Elevation of Privilege Vulnerability 2021-02-25 not yet calculated CVE-2021-24092
N/A
microsoft — windows
 
Windows Graphics Component Remote Code Execution Vulnerability 2021-02-25 not yet calculated CVE-2021-24093
MISC
N/A
microsoft — windows
 
Windows Kernel Elevation of Privilege Vulnerability 2021-02-25 not yet calculated CVE-2021-24096
N/A
microsoft — windows
 
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24103. 2021-02-25 not yet calculated CVE-2021-24102
N/A
microsoft — windows
 
Windows PKU2U Elevation of Privilege Vulnerability 2021-02-25 not yet calculated CVE-2021-25195
N/A
microsoft — windows
 
Sysinternals PsExec Elevation of Privilege Vulnerability 2021-02-25 not yet calculated CVE-2021-1733
N/A
microsoft — windows
 
PFX Encryption Security Feature Bypass Vulnerability 2021-02-25 not yet calculated CVE-2021-1731
N/A
microsoft — windows
 
System Center Operations Manager Elevation of Privilege Vulnerability 2021-02-25 not yet calculated CVE-2021-1728
N/A
microsoft — windows
 
Microsoft Windows Security Feature Bypass Vulnerability 2021-02-25 not yet calculated CVE-2020-17162
N/A
microsoft — windows
 
Windows Remote Procedure Call Information Disclosure Vulnerability 2021-02-25 not yet calculated CVE-2021-1734
N/A
microsoft — windows
 
Microsoft Windows VMSwitch Information Disclosure Vulnerability 2021-02-25 not yet calculated CVE-2021-24076
N/A
microsoft — windows
 
Windows Network File System Denial of Service Vulnerability 2021-02-25 not yet calculated CVE-2021-24075
N/A
microsoft — windows
 
Windows TCP/IP Denial of Service Vulnerability 2021-02-25 not yet calculated CVE-2021-24086
N/A
microsoft — windows
 
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24094. 2021-02-25 not yet calculated CVE-2021-24074
N/A
microsoft — windows
 
Windows Mobile Device Management Information Disclosure Vulnerability 2021-02-25 not yet calculated CVE-2021-24084
N/A
microsoft — windows
 
Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1722. 2021-02-25 not yet calculated CVE-2021-24077
N/A
microsoft — windows
 
Windows DNS Server Remote Code Execution Vulnerability 2021-02-25 not yet calculated CVE-2021-24078
N/A
microsoft — windows
 
Windows Backup Engine Information Disclosure Vulnerability 2021-02-25 not yet calculated CVE-2021-24079
N/A
microsoft — windows
 
Windows Trust Verification API Denial of Service Vulnerability 2021-02-25 not yet calculated CVE-2021-24080
N/A
microsoft — windows_fax_service
 
Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24077. 2021-02-25 not yet calculated CVE-2021-1722
N/A
microsoft — windows_win32k
 
Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1732. 2021-02-25 not yet calculated CVE-2021-1698
N/A
microsoft — windows_win32k
 
Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698. 2021-02-25 not yet calculated CVE-2021-1732
N/A
mongodb — mongodb A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption. 2021-02-25 not yet calculated CVE-2021-20327
MISC
mongodb — mongodb
 
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption. 2021-02-25 not yet calculated CVE-2021-20328
MISC
mozilla — firefox One phishing tactic on the web is to provide a link with HTTP Auth. For example ‘https://www.phishingtarget.com@evil.com’. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. 2021-02-26 not yet calculated CVE-2021-23972
MISC
MISC
mozilla — firefox Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86. 2021-02-26 not yet calculated CVE-2021-23979
MISC
MISC
mozilla — firefox Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. 2021-02-26 not yet calculated CVE-2021-23977
MISC
MISC
mozilla — firefox When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. 2021-02-26 not yet calculated CVE-2021-23976
MISC
MISC
mozilla — firefox The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86. 2021-02-26 not yet calculated CVE-2021-23975
MISC
MISC
mozilla — firefox The DOMParser API did not properly process ‘<noscript>’ elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. 2021-02-26 not yet calculated CVE-2021-23974
MISC
MISC
mozilla — firefox Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85. 2021-02-26 not yet calculated CVE-2021-23965
MISC
MISC
mozilla — firefox An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. 2021-02-26 not yet calculated CVE-2021-23959
MISC
MISC
mozilla — firefox The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. 2021-02-26 not yet calculated CVE-2021-23958
MISC
MISC
mozilla — firefox
 
Incorrect use of the ‘<RowCountChanged>’ method could have led to a use-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. 2021-02-26 not yet calculated CVE-2021-23962
MISC
MISC
mozilla — firefox
 
Context-specific code was included in a shared jump table, resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. 2021-02-26 not yet calculated CVE-2021-23970
MISC
MISC
mozilla — firefox
 
Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. 2021-02-26 not yet calculated CVE-2021-23957
MISC
MISC
mozilla — firefox
 
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network’s hosts as well as services running on the user’s local machine. This vulnerability affects Firefox < 85. 2021-02-26 not yet calculated CVE-2021-23961
MISC
MISC
mozilla — firefox
 
When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85. 2021-02-26 not yet calculated CVE-2021-23963
MISC
MISC
mozilla — firefox
 
When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect’s Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86. 2021-02-26 not yet calculated CVE-2021-23971
MISC
MISC
mozilla — firefox
 
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. 2021-02-26 not yet calculated CVE-2021-23956
MISC
MISC
mozilla — firefox
 
The browser could have been confused into transferring a pointer lock state into another tab, which could have led to clickjacking attacks. This vulnerability affects Firefox < 85. 2021-02-26 not yet calculated CVE-2021-23955
MISC
MISC
mozilla — multiple_products If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2021-02-26 not yet calculated CVE-2021-23953
MISC
MISC
MISC
MISC
mozilla — multiple_products Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2021-02-26 not yet calculated CVE-2021-23978
MISC
MISC
MISC
MISC
mozilla — multiple_products When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2021-02-26 not yet calculated CVE-2021-23973
MISC
MISC
MISC
MISC
mozilla — multiple_products
 
Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2021-02-26 not yet calculated CVE-2021-23960
MISC
MISC
MISC
MISC
mozilla — multiple_products
 
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2021-02-26 not yet calculated CVE-2021-23964
MISC
MISC
MISC
MISC
mozilla — multiple_products
 
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2021-02-26 not yet calculated CVE-2021-23954
MISC
MISC
MISC
MISC
mozilla — multiple_products
 
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report, as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2021-02-26 not yet calculated CVE-2021-23968
MISC
MISC
MISC
MISC
mozilla — multiple_products
 
As specified in the W3C Content Security Policy draft, when creating a violation report, “User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.” Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination’s origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2021-02-26 not yet calculated CVE-2021-23969
MISC
MISC
MISC
MISC
mupdf — mupdf
 
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences. 2021-02-23 not yet calculated CVE-2021-3407
MISC
nagios — xi
 
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI’s web system. 2021-02-25 not yet calculated CVE-2021-3273
MISC
MISC
netplex — json-smart
 
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information. 2021-02-23 not yet calculated CVE-2021-27568
MISC
MISC
nextcloud — deck
 
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user. 2021-02-23 not yet calculated CVE-2020-8297
MISC
MISC
MISC
node-red — node-red Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with `projects.read` permission is able to access any file via the Projects API. The issue has been patched in Node-RED 1.2.8. The vulnerability applies only to the Projects feature, which is not enabled by default in Node-RED. The primary workaround is not to give untrusted users read access to the Node-RED editor. 2021-02-26 not yet calculated CVE-2021-21298
MISC
MISC
CONFIRM
MISC
node-red — node-red
 
Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor URL. 2021-02-26 not yet calculated CVE-2021-21297
MISC
CONFIRM
MISC
MISC
openid — connect_server
 
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest. 2021-02-23 not yet calculated CVE-2021-27582
MISC
MISC
openscad — openscad
 
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2021-02-24 not yet calculated CVE-2020-28599
MISC
opensuse — opensuse
 
An Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. 2021-02-25 not yet calculated CVE-2020-8032
CONFIRM
opentext — content_server
 
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized. 2021-02-26 not yet calculated CVE-2021-3010
MISC
MISC
owncloud — owncloud/client
 
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. 2021-02-26 not yet calculated CVE-2020-28646
MISC
MISC
p2p — p2p
 
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. 2021-02-26 not yet calculated CVE-2021-27803
MLIST
MISC
MISC
MISC
prestashop — prestashop PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to forge requests and execute customer commands. The problem is fixed in 1.7.7.2. 2021-02-26 not yet calculated CVE-2021-21308
MISC
MISC
CONFIRM
prestashop — prestashop
 
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2 2021-02-26 not yet calculated CVE-2021-21302
MISC
MISC
CONFIRM
prosoft_technology — icx35-hwc-a_and_icx35-hwc-e
 
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior). 2021-02-26 not yet calculated CVE-2021-22661
MISC
qemu — qemu
 
An integer overflow issue was found in the vmxnet3 NIC emulator of QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario. 2021-02-25 not yet calculated CVE-2021-20203
MISC
MISC
qualcomm — multiple_snapdragon_products Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-02-22 not yet calculated CVE-2020-11253
CONFIRM
qualcomm — multiple_snapdragon_products Allowing RTT frames to be linked with non-randomized MAC address by comparing the sequence numbers can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-02-22 not yet calculated CVE-2020-11281
CONFIRM
qualcomm — multiple_snapdragon_products Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-02-22 not yet calculated CVE-2020-11297
CONFIRM
qualcomm — multiple_snapdragon_products Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-02-22 not yet calculated CVE-2020-11280
CONFIRM
qualcomm — multiple_snapdragon_products Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-02-22 not yet calculated CVE-2020-11271
CONFIRM
qualcomm — multiple_snapdragon_products Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-02-22 not yet calculated CVE-2020-11278
CONFIRM
qualcomm — multiple_snapdragon_products Possible denial of service because the RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-02-22 not yet calculated CVE-2020-11270
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible race condition during async fastrpc session after sending RPC message because the fastrpc ctx gets freed during the async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile 2021-02-22 not yet calculated CVE-2020-11277
CONFIRM
qualcomm — multiple_snapdragon_products
 
Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2021-02-22 not yet calculated CVE-2020-11203
CONFIRM
qualcomm — multiple_snapdragon_products
 
Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted, and using a stale version later can lead to a use-after-free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-02-22 not yet calculated CVE-2020-11272
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-02-22 not yet calculated CVE-2020-11275
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible buffer over-read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-02-22 not yet calculated CVE-2020-11276
CONFIRM
qualcomm — multiple_snapdragon_products
 
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-02-22 not yet calculated CVE-2020-11198
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-02-22 not yet calculated CVE-2020-11269
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-02-22 not yet calculated CVE-2020-11204
CONFIRM
qualcomm — multiple_snapdragon_products
 
Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-02-22 not yet calculated CVE-2020-3664
CONFIRM
redis — redis
 
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result in remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB, which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result in buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is backported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways. 2021-02-26 not yet calculated CVE-2021-21309
MISC
MISC
CONFIRM
restify-paginate The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception. 2021-02-25 not yet calculated CVE-2020-27543
MISC
MISC
MISC
saltstack — salt In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. 2021-02-27 not yet calculated CVE-2020-35662
CONFIRM
saltstack — salt
 
An issue was discovered in SaltStack Salt before 3002.5. The minion’s restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory. 2021-02-27 not yet calculated CVE-2020-28243
CONFIRM
saltstack — salt
 
An issue was discovered in SaltStack Salt before 3002.5. The salt-api’s ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. 2021-02-27 not yet calculated CVE-2021-3197
MISC
CONFIRM
saltstack — salt
 
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. 2021-02-27 not yet calculated CVE-2021-25284
MISC
CONFIRM
saltstack — salt
 
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. 2021-02-27 not yet calculated CVE-2020-28972
CONFIRM
saltstack — salt
 
An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. 2021-02-27 not yet calculated CVE-2021-25283
MISC
CONFIRM
saltstack — salt
 
An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. 2021-02-27 not yet calculated CVE-2021-25282
MISC
CONFIRM
saltstack — salt
 
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. 2021-02-27 not yet calculated CVE-2021-25281
MISC
CONFIRM
MISC
saltstack — salt
 
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. 2021-02-27 not yet calculated CVE-2021-3148
MISC
CONFIRM
saltstack — salt
 
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run commands against the salt master or minions.) 2021-02-27 not yet calculated CVE-2021-3144
MISC
CONFIRM
scytl — svote
 
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code. 2021-02-27 not yet calculated CVE-2019-25021
MISC
scytl — svote
 
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI. 2021-02-27 not yet calculated CVE-2019-25020
MISC
scytl — svote
 
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation. 2021-02-27 not yet calculated CVE-2019-25022
MISC
scytl — svote
 
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs. 2021-02-27 not yet calculated CVE-2019-25023
MISC
sercomm — ag_combo_vd625_agsot_devices
 
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. 2021-02-27 not yet calculated CVE-2021-27132
MISC
MISC
swift — vapor
 
Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. Send unlimited requests against a Vapor instance with different paths. This will create unlimited counters and timers, which will eventually drain the system. 2. Downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths to `vapor_route_undefined` to avoid unlimited counters. 2021-02-26 not yet calculated CVE-2021-21328
MISC
MISC
CONFIRM
MISC
synapse — synapse
 
Synapse is a Matrix reference homeserver written in Python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation. 2021-02-26 not yet calculated CVE-2021-21274
MISC
MISC
MISC
CONFIRM
synapse — synapse
 
Synapse is a Matrix reference homeserver written in Python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary. 2021-02-26 not yet calculated CVE-2021-21273
MISC
MISC
MISC
CONFIRM
synology — diskstation_manager Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. 2021-02-26 not yet calculated CVE-2021-26561
CONFIRM
synology — diskstation_manager Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. 2021-02-26 not yet calculated CVE-2021-26562
CONFIRM
synology — diskstation_manager Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. 2021-02-26 not yet calculated CVE-2021-26565
CONFIRM
synology — diskstation_manager Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. 2021-02-26 not yet calculated CVE-2021-26564
CONFIRM
synology — diskstation_manager Use of unmaintained third party components vulnerability in faad in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via a crafted file path. 2021-02-26 not yet calculated CVE-2021-26567
CONFIRM
synology — diskstation_manager Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. 2021-02-26 not yet calculated CVE-2021-26566
CONFIRM
synology — diskstation_manager
 
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. 2021-02-26 not yet calculated CVE-2021-26560
CONFIRM
synology — diskstation_manager
 
Improper access control vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows local users to obtain sensitive information via a crafted kernel module. 2021-02-26 not yet calculated CVE-2021-26563
CONFIRM
tpm2 — tpm2 Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3. 2021-02-26 not yet calculated CVE-2020-24455
CONFIRM
CONFIRM
CONFIRM
triconsole — datepicker_calendar
 
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents. 2021-02-25 not yet calculated CVE-2021-27330
MISC
MISC
MISC
MISC
undertow — undertow
 
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity. 2021-02-23 not yet calculated CVE-2021-20220
MISC
visualware — myconnection_server
 
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. 2021-02-19 not yet calculated CVE-2021-27509
MISC
visualware — myconnection_server
 
An issue was discovered in Visualware MyConnection Server through 11.0b build 5382. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system. 2021-02-26 not yet calculated CVE-2021-27198
MISC
MISC
MISC
MISC
vmware — multiple_products
 
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution. 2021-02-24 not yet calculated CVE-2021-21974
CONFIRM
MISC
vmware — spring
 
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security’s StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing. 2021-02-23 not yet calculated CVE-2021-22113
CONFIRM
vmware — spring_security Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application’s intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. 2021-02-23 not yet calculated CVE-2021-22112
MLIST
MISC
vmware — vcenter_server_and_cloud_foundation
 
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). 2021-02-24 not yet calculated CVE-2021-21972
CONFIRM
vmware — vcenter_server_and_cloud_foundation
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). 2021-02-24 not yet calculated CVE-2021-21973
CONFIRM
voiceye — wsactivebridgees
VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contain a stack-based buffer overflow vulnerability caused by improper bounds checking of a parameter supplied by an attacker. It leads to a stack-based buffer overflow via access to a crafted web page. 2021-02-24 not yet calculated CVE-2020-7836
CONFIRM
weberp — weberp
In webERP 4.15, the ManualContents.php file allows users to specify the “Language” parameter, which can lead to local file inclusion. 2021-02-22 not yet calculated CVE-2020-22474
MISC
zenphoto — zenphoto
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server’s uploaded/ directory. 2021-02-26 not yet calculated CVE-2020-36079
MISC
zint — barcode_generator
ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code. 2021-02-26 not yet calculated CVE-2021-27799
MISC
MISC
MISC
MISC
MISC
zte — zxr10_8900e
A ZTE product has a memory leak vulnerability. Due to the product’s improper handling of memory release in certain scenarios, a local attacker with device permissions can repeatedly attenuate the optical signal to cause a memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1. 2021-02-26 not yet calculated CVE-2021-21724
MISC
