Original release date: February 8, 2021
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accel-ppp — accel-ppp | Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution. | 2021-02-01 | 7.5 | CVE-2020-28194 MISC MISC |
adt — lifeshield_diy_hd_video_doorbell_firmware | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to execute commands on the device. This issue affects: ADT LifeShield DIY HD Video Doorbell version 1.0.02R09 and prior versions. | 2021-02-02 | 8.3 | CVE-2020-8101 CONFIRM |
apache — druid | Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process. | 2021-01-29 | 9 | CVE-2021-25646 MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MISC MLIST |
apache — shiro | Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | 2021-02-03 | 9 | CVE-2020-17523 MISC |
asus — rt-ax86u_firmware | ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data. | 2021-02-01 | 7.5 | CVE-2020-36109 MISC |
belkin — linksys_wrt160nl_firmware | ** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | 2021-02-02 | 9 | CVE-2021-25310 MISC MISC |
bitovi — launchpad | All versions of package launchpad are vulnerable to Command Injection via stop. | 2021-02-01 | 7.5 | CVE-2021-23330 CONFIRM CONFIRM CONFIRM |
cdr_project — cdr | An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness. | 2021-01-29 | 7.5 | CVE-2021-26305 MISC |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1341 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1337 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1338 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1339 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1340 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1347 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1343 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1344 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1345 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1346 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1335 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1348 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1336 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1342 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1334 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1324 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1333 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1319 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1320 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1321 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1322 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1323 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1325 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1326 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1327 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1328 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1329 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1330 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1331 CISCO |
cisco — rv016_multi-wan_vpn_router_firmware | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | 2021-02-04 | 9 | CVE-2021-1332 CISCO |
cmswing — cmswing | An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | 2021-02-01 | 7.5 | CVE-2020-20294 MISC |
cmswing — cmswing | An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | 2021-02-01 | 7.5 | CVE-2020-20296 MISC |
cmswing — cmswing | An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. | 2021-02-01 | 7.5 | CVE-2020-20295 MISC |
dlink — dns-320_firmware | D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | 2021-02-02 | 7.5 | CVE-2020-25506 MISC MISC MISC |
dlink — dsr-250_firmware | The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution. | 2021-02-02 | 7.5 | CVE-2020-18568 MISC MISC |
dotty_project — dotty | Prototype pollution vulnerability in ‘dotty’ versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution. | 2021-02-02 | 7.5 | CVE-2021-25912 MISC MISC |
fortilogger — fortilogger | FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a “Content-Type: image/png” header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp. | 2021-02-01 | 7.5 | CVE-2021-3378 MISC |
gnupg — libgcrypt | _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. | 2021-01-29 | 7.2 | CVE-2021-3345 MISC MISC MISC MISC MISC |
google — android | In kisd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449962. | 2021-02-04 | 7.2 | CVE-2021-0343 MISC |
google — android | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021). | 2021-02-04 | 7.5 | CVE-2021-26689 MISC |
google — android | In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05349201. | 2021-02-04 | 7.2 | CVE-2021-0348 MISC |
google — android | In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05362646. | 2021-02-04 | 7.2 | CVE-2021-0349 MISC |
google — android | In mtkpower, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05437558. | 2021-02-04 | 7.2 | CVE-2021-0344 MISC |
google — android | In wlan driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05412917. | 2021-02-04 | 7.8 | CVE-2021-0351 MISC |
google — android | In vpu, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05371580. | 2021-02-04 | 7.2 | CVE-2021-0346 MISC |
google — android | In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05432974. | 2021-02-04 | 7.2 | CVE-2021-0345 MISC |
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to code execution. | 2021-02-03 | 7.5 | CVE-2021-25758 MISC MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. | 2021-02-03 | 7.5 | CVE-2021-25770 MISC MISC |
kill-process-on-port_project — kill-process-on-port | All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId. | 2021-02-01 | 7.5 | CVE-2020-28426 MISC |
koa2-blog_project — koa2-blog | Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page. | 2021-02-01 | 7.5 | CVE-2020-21179 MISC |
koa2-blog_project — koa2-blog | Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page. | 2021-02-01 | 7.5 | CVE-2020-21180 MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. | 2021-01-29 | 7.2 | CVE-2021-3347 MLIST MLIST MLIST MISC MISC MISC MISC MISC MISC MISC MISC FEDORA FEDORA DEBIAN MISC MISC |
mofinetwork — mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner. | 2021-02-01 | 10 | CVE-2020-15833 MISC MISC |
mofinetwork — mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations. | 2021-02-01 | 7.5 | CVE-2020-13858 MISC MISC |
mofinetwork — mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root. | 2021-02-01 | 10 | CVE-2020-15835 MISC MISC |
mofinetwork — mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root. | 2021-02-01 | 10 | CVE-2020-15836 MISC MISC |
mofinetwork — mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request. | 2021-02-01 | 7.8 | CVE-2020-13857 MISC MISC |
mofinetwork — mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device. | 2021-02-01 | 7.8 | CVE-2020-15832 MISC MISC |
moxa — edr-g903_firmware | Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution. | 2021-02-03 | 7.5 | CVE-2020-28144 MISC |
nic — foris | Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. | 2021-01-29 | 7.5 | CVE-2021-3346 MISC MISC MISC |
nim-lang — nim | In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. | 2021-01-30 | 7.5 | CVE-2020-15690 MLIST MISC MISC CONFIRM MISC |
qnap — helpdesk | The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to obtain control of a QNAP device. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | 2021-02-03 | 7.5 | CVE-2020-2506 CONFIRM |
qnap — helpdesk | The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to obtain control of a QNAP device. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | 2021-02-03 | 7.5 | CVE-2020-2507 CONFIRM |
rainbowfishsoftware — pacsone_server | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges. | 2021-02-03 | 7.5 | CVE-2020-29165 MISC MISC |
rockoa — rockoa | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. | 2021-02-05 | 7.5 | CVE-2020-18716 MISC |
rockoa — rockoa | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php’s getdata function. | 2021-02-05 | 7.5 | CVE-2020-18714 MISC |
rockoa — rockoa | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php | 2021-02-05 | 7.5 | CVE-2020-18713 MISC |
solarwinds — serv-u | SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection. | 2021-02-03 | 7.5 | CVE-2020-35481 CONFIRM |
terra-master — tos | TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter. | 2021-01-30 | 10 | CVE-2020-15568 MISC MISC |
thinkjs — thinkjs | SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter. | 2021-02-01 | 7.5 | CVE-2020-21176 MISC MISC |
tk-star — q90_junior_gps_horloge_firmware | An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS. | 2021-02-01 | 7.5 | CVE-2019-20468 MISC MISC |
tk-star — q90_junior_gps_horloge_firmware | An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470. | 2021-02-01 | 7.2 | CVE-2019-20471 MISC MISC |
totaljs — total.js | This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some cases it is possible to achieve Denial of service (DoS), Remote Code Execution or Property Injection. | 2021-02-02 | 7.5 | CVE-2020-28495 MISC MISC MISC MISC MISC |
totaljs — total.js | This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option shell set to true and because the type parameter is not properly sanitized. | 2021-02-02 | 7.5 | CVE-2020-28494 MISC MISC |
trendmicro — apex_one | An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2021-02-04 | 7.2 | CVE-2021-25249 N/A N/A N/A N/A |
ucopia — express_wireless_appliance | UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client’s PHP call, a related issue to CVE-2017-11322. | 2021-02-02 | 7.2 | CVE-2020-25035 MISC MISC |
ucopia — ucopia_wireless_appliance | UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command. | 2021-02-02 | 7.2 | CVE-2020-25037 MISC MISC |
ucopia — ucopia_wireless_appliance | UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command. | 2021-02-02 | 9 | CVE-2020-25036 MISC MISC |
windriver — vxworks | In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block’s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. | 2021-02-03 | 7.5 | CVE-2020-28895 MISC MISC |
wolfssl — wolfssl | DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). | 2021-01-29 | 7.5 | CVE-2021-3336 MISC |
yccms — yccms | Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function’s improper judgment of the request parameters, triggers remote code execution. | 2021-02-01 | 7.5 | CVE-2020-20287 MISC MISC |
yccms — yccms | Sql injection vulnerability in the yccms 3.3 project. The no_top function’s improper judgment of the request parameters, triggers a sql injection vulnerability. | 2021-02-01 | 7.5 | CVE-2020-20289 MISC MISC |
zohocorp — manageengine_opmanager | Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. | 2021-02-03 | 7.5 | CVE-2020-28653 CONFIRM CONFIRM |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acronis — true_image | Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. | 2021-01-29 | 4.4 | CVE-2020-35145 MISC CONFIRM |
adobe — adobe_consulting_services_commons | ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim’s browser. Exploitation of this issue requires user interaction in order to be successful. | 2021-02-02 | 4.3 | CVE-2021-21043 CONFIRM |
apache — cassandra | Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using ‘dc’ or ‘rack’ internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement. | 2021-02-03 | 4.3 | CVE-2020-17516 CONFIRM |
atlassian — crucible | Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product’s SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4. | 2021-02-02 | 4 | CVE-2020-14192 MISC MISC |
atlassian — jira | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2. | 2021-02-02 | 4 | CVE-2020-36231 MISC |
cisco — advanced_malware_protection | A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions. | 2021-01-30 | 6.9 | CVE-2020-14418 MISC MISC |
ckeditor — ckeditor_5 | CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0. | 2021-01-29 | 4 | CVE-2021-21254 MISC CONFIRM MISC |
cloudflare — warp | Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service’s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1. | 2021-02-03 | 4.6 | CVE-2020-35152 CONFIRM |
delete_account_project — delete_account | deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter. | 2021-02-01 | 4.3 | CVE-2021-3350 MISC |
dh2i — dxenterprise | A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request. | 2021-01-29 | 5 | CVE-2021-3341 MISC |
digium — asterisk | An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. | 2021-01-29 | 4 | CVE-2020-35652 CONFIRM CONFIRM MISC MISC |
djangoproject — django | In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by “startapp –template” and “startproject –template”) allows directory traversal via an archive with absolute paths or relative paths with dot segments. | 2021-02-02 | 5 | CVE-2021-3281 MISC MISC CONFIRM |
easycms — easycms | A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***. | 2021-02-01 | 6.8 | CVE-2020-24271 MISC |
facebook — hermes | A stack overflow vulnerability in Facebook Hermes ‘builtin apply’ prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | 2021-02-02 | 6.8 | CVE-2020-1896 CONFIRM CONFIRM |
getadigital — nested-object-assign | The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below. | 2021-01-31 | 5 | CVE-2021-23329 MISC MISC |
google — android | In netdiag, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442006. | 2021-02-03 | 4.6 | CVE-2021-0360 MISC |
google — android | In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442022. | 2021-02-03 | 4.6 | CVE-2021-0358 MISC |
google — android | In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442011. | 2021-02-03 | 4.6 | CVE-2021-0359 MISC |
google — android | In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05431161. | 2021-02-03 | 4.6 | CVE-2021-0354 MISC |
google — android | In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442002. | 2021-02-03 | 4.6 | CVE-2021-0357 MISC |
google — android | In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442014. | 2021-02-03 | 4.6 | CVE-2021-0356 MISC |
google — android | In kisd, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425581. | 2021-02-03 | 4.6 | CVE-2021-0355 MISC |
google — android | In kisd, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425247. | 2021-02-03 | 4.6 | CVE-2021-0353 MISC |
google — android | In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05342338. | 2021-02-04 | 4.9 | CVE-2021-0350 MISC |
google — android | In kisd, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449968. | 2021-02-03 | 4.6 | CVE-2021-0361 MISC |
google — android | In aee, there is a possible memory corruption due to a stack buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457070. | 2021-02-03 | 4.6 | CVE-2021-0362 MISC |
google — android | In mobile_log_d, there is a possible command injection due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05458478. | 2021-02-03 | 4.6 | CVE-2021-0363 MISC |
google — android | In mobile_log_d, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05458478; Issue ID: ALPS05458503. | 2021-02-03 | 4.6 | CVE-2021-0364 MISC |
google — android | In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05454782. | 2021-02-03 | 4.6 | CVE-2021-0365 MISC |
hashicorp — nomad | HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3. | 2021-02-01 | 5 | CVE-2021-3283 MISC |
hashicorp — vault | HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7. | 2021-02-01 | 5 | CVE-2020-25594 MISC |
hashicorp — vault | HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7. | 2021-02-01 | 5 | CVE-2021-3024 MISC |
hashicorp — vault | HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2. | 2021-02-01 | 5 | CVE-2021-3282 MISC |
hcltechsw — onetest_performance | HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID. | 2021-02-04 | 6.4 | CVE-2020-14247 MISC |
hcltechsw — onetest_performance | HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials. | 2021-02-04 | 5 | CVE-2020-14246 MISC |
hitachi — vantara_pentaho | The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA | 2021-01-29 | 4 | CVE-2020-24665 MISC MISC |
ibm — api_connect | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840. | 2021-02-04 | 4.3 | CVE-2020-4826 XF CONFIRM |
ibm — api_connect | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841. | 2021-02-04 | 4.3 | CVE-2020-4827 XF CONFIRM |
ibm — api_connect | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842. | 2021-02-04 | 6.4 | CVE-2020-4828 XF CONFIRM |
ibm — content_navigator | IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752. | 2021-02-02 | 4 | CVE-2020-4934 XF CONFIRM |
iniparserjs_project — iniparserjs | This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. | 2021-01-29 | 6.8 | CVE-2021-23328 MISC MISC |
intel — m10jnp2sb_firmware | Improper input validation in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-02-02 | 4.6 | CVE-2020-8734 CONFIRM |
iris — star | A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application. | 2021-01-29 | 6.8 | CVE-2020-28403 MISC MISC |
istio — istio | A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application). | 2021-01-29 | 4 | CVE-2019-25014 MISC MISC |
jetbrains — hub | In JetBrains Hub before 2020.1.12629, an open redirect was possible. | 2021-02-03 | 5.8 | CVE-2021-25757 MISC MISC |
jetbrains — hub | In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. | 2021-02-03 | 5 | CVE-2021-25760 MISC MISC |
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS. | 2021-02-03 | 5 | CVE-2021-25756 MISC MISC |
jetbrains — kotlin | In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. | 2021-02-03 | 5 | CVE-2020-29582 MISC MISC |
jetbrains — ktor | In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. | 2021-02-03 | 5 | CVE-2021-25763 MISC MISC |
jetbrains — teamcity | JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. | 2021-02-03 | 4.3 | CVE-2021-25773 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. | 2021-02-03 | 5 | CVE-2021-25778 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. | 2021-02-03 | 5 | CVE-2021-25777 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build’s parameters. | 2021-02-03 | 5 | CVE-2021-25776 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. | 2021-02-03 | 5 | CVE-2021-25772 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. | 2021-02-03 | 4 | CVE-2021-25774 MISC MISC |
jetbrains — teamcity | JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials. | 2021-02-03 | 5 | CVE-2020-35667 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. | 2021-02-03 | 5.5 | CVE-2021-25775 MISC MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. | 2021-02-03 | 6.8 | CVE-2021-25765 MISC MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn’t able to access attachments. | 2021-02-03 | 5 | CVE-2021-25769 MISC MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly. | 2021-02-03 | 5 | CVE-2021-25768 MISC MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions. | 2021-02-03 | 5 | CVE-2020-25208 MISC MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed. | 2021-02-03 | 5 | CVE-2021-25771 MISC MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2020.6.1767, an issue’s existence could be disclosed via YouTrack command execution. | 2021-02-03 | 5 | CVE-2021-25767 MISC MISC |
marc_project — marc | An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness. | 2021-01-29 | 5 | CVE-2021-26308 MISC |
mediawiki — mediawiki | The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | 2021-01-29 | 5 | CVE-2020-29005 MISC MISC |
mediawiki — mediawiki | The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. | 2021-01-29 | 6.8 | CVE-2020-29004 MISC CONFIRM MISC |
minio — minio | MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform post requests towards internal services which are not intended to be exposed. This is fixed in version RELEASE.2021-01-30T00-20-58Z, all users are advised to upgrade. As a workaround you can disable the browser front-end with “MINIO_BROWSER=off” environment variable. | 2021-02-01 | 4 | CVE-2021-21287 MISC MISC MISC CONFIRM |
mit — krb5-appl | An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | 2021-02-02 | 5.8 | CVE-2019-25017 MISC |
mit — krb5-appl | In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | 2021-02-02 | 5 | CVE-2019-25018 MISC |
mitel — businesscti_enterprise | The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data. | 2021-01-29 | 6 | CVE-2021-3176 MISC CONFIRM |
mitel — micollab | A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data. | 2021-01-29 | 6.4 | CVE-2020-35547 MISC CONFIRM |
mofinetwork — mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes. | 2021-02-01 | 5 | CVE-2020-13856 MISC MISC |
mofinetwork — mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI – OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature. | 2021-02-01 | 5 | CVE-2020-13859 MISC MISC |
mofinetwork — mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface. | 2021-02-01 | 5 | CVE-2020-15834 MISC MISC |
mofinetwork — mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password. | 2021-02-01 | 5 | CVE-2020-13860 MISC MISC |
monal — monal | Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim. | 2021-02-01 | 5 | CVE-2020-26547 MISC CONFIRM |
nagios — favorites | The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. | 2021-02-03 | 5 | CVE-2021-26024 CONFIRM |
nagios — favorites | The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. | 2021-02-03 | 4.3 | CVE-2021-26023 CONFIRM |
openhab — openhab | openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity (XXE) attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from the file system. Responses to SSDP requests can be especially malicious. All add-ons that use SAX or JAXB parsing of externally received XML are potentially subject to this kind of attack. In openHAB, the following add-ons are potentially impacted: AvmFritz, BoseSoundtouch, DenonMarantz, DLinkSmarthome, Enigma2, FmiWeather, FSInternetRadio, Gce, Homematic, HPPrinter, IHC, Insteon, Onkyo, Roku, SamsungTV, Sonos, Roku, Tellstick, TR064, UPnPControl, Vitotronic, Wemo, YamahaReceiver and XPath Tranformation. The vulnerabilities have been fixed in versions 2.5.12 and 3.0.1 by a more strict configuration of the used XML parser. | 2021-02-01 | 4 | CVE-2021-21266 MISC MISC CONFIRM MISC |
palletsprojects — jinja | This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDOS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. | 2021-02-01 | 5 | CVE-2020-28493 MISC MISC MISC |
phpgacl_project — phpgacl | A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter. | 2021-02-01 | 4.3 | CVE-2020-13562 MISC |
phpgacl_project — phpgacl | A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter. | 2021-02-01 | 4.3 | CVE-2020-13564 MISC |
phpgacl_project — phpgacl | A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter. | 2021-02-01 | 4.3 | CVE-2020-13563 MISC |
qemu — qemu | A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. | 2021-01-30 | 4.6 | CVE-2020-17380 CONFIRM CONFIRM |
rainbowfishsoftware — pacsone_server | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS). | 2021-02-03 | 4.3 | CVE-2020-29164 MISC MISC |
rainbowfishsoftware — pacsone_server | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection. | 2021-02-03 | 6.5 | CVE-2020-29163 MISC MISC |
rainbowfishsoftware — pacsone_server | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure. | 2021-02-03 | 5 | CVE-2020-29166 MISC MISC |
raw-cpuid_project — raw-cpuid | An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods. | 2021-01-29 | 5 | CVE-2021-26306 MISC |
rsa — archer | Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks. | 2021-01-29 | 4 | CVE-2020-29538 CONFIRM MISC |
rsa — archer | Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. | 2021-01-29 | 4.9 | CVE-2020-29537 CONFIRM MISC |
rsa — archer | Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks. | 2021-01-29 | 4 | CVE-2020-29536 CONFIRM MISC |
solarwinds — serv-u | SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal. | 2021-02-03 | 6.5 | CVE-2020-27994 CONFIRM MISC |
squaredup — squaredup | A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames. | 2021-02-03 | 4.3 | CVE-2020-9389 CONFIRM |
tk-star — q90_junior_gps_horloge_firmware | An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a “Remove PIN and restart!” message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device. | 2021-02-01 | 4.6 | CVE-2019-20473 MISC MISC |
tk-star — q90_junior_gps_horloge_firmware | An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471. | 2021-02-01 | 5 | CVE-2019-20470 MISC MISC |
trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information. | 2021-02-04 | 5 | CVE-2021-25240 N/A N/A N/A N/A |
trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes. | 2021-02-04 | 5 | CVE-2021-25239 N/A N/A N/A N/A |
trendmicro — apex_one | An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries. | 2021-02-04 | 6.4 | CVE-2021-25246 N/A N/A N/A N/A |
trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file. | 2021-02-04 | 5 | CVE-2021-25233 N/A N/A N/A N/A |
trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents. | 2021-02-04 | 5 | CVE-2021-25237 N/A N/A |
trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database. | 2021-02-04 | 5 | CVE-2021-25232 N/A N/A N/A |
trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file. | 2021-02-04 | 5 | CVE-2021-25235 N/A N/A N/A |
trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information. | 2021-02-04 | 5 | CVE-2021-25243 N/A N/A N/A N/A |
trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file. | 2021-02-04 | 5 | CVE-2021-25234 N/A N/A N/A N/A |
trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information. | 2021-02-04 | 5 | CVE-2021-25242 N/A N/A N/A N/A |
trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file. | 2021-02-04 | 5 | CVE-2021-25230 N/A N/A N/A |
trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file. | 2021-02-04 | 5 | CVE-2021-25231 N/A N/A N/A N/A |
trendmicro — apex_one | A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep. | 2021-02-04 | 5 | CVE-2021-25241 N/A N/A N/A |
trendmicro — officescan | An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent’s managing port. | 2021-02-04 | 5 | CVE-2021-25238 N/A N/A N/A |
trendmicro — officescan | A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep. | 2021-02-04 | 5 | CVE-2021-25236 N/A N/A N/A |
uip_project — uip | An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets. | 2021-02-02 | 5 | CVE-2020-24335 MISC MISC MISC MISC MISC |
wikindx_project — wikindx | A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php. | 2021-02-01 | 4.3 | CVE-2021-3340 MISC MISC |
wwbn — avideo | AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the pass hash and the recoverPass hash. | 2021-02-01 | 6.5 | CVE-2021-21286 MISC CONFIRM |
yccms — yccms | Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions’ improper judgment of the request parameters, triggers a directory traversal vulnerability. | 2021-02-01 | 6.4 | CVE-2020-20290 MISC |
zivautomation — 4cct-ea6-334126bf_firmware | ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919. | 2021-01-29 | 5 | CVE-2021-25909 CONFIRM |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
altn — mdaemon_webmail | Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities. | 2021-02-03 | 3.5 | CVE-2020-18723 MISC MISC |
altn — mdaemon_webmail | Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list. | 2021-02-03 | 3.5 | CVE-2020-18724 MISC MISC |
google — android | In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05453809. | 2021-02-03 | 2.1 | CVE-2021-0352 MISC |
google — android | In ccu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05377188. | 2021-02-04 | 2.1 | CVE-2021-0347 MISC |
hitachi — vantara_pentaho | The dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘pho:title’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | 2021-01-29 | 3.5 | CVE-2020-24664 MISC MISC |
hitachi — vantara_pentaho | The Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Display Name’ parameter. Remediated in >= 9.1.0.1 | 2021-01-29 | 3.5 | CVE-2020-24666 MISC MISC |
hitachi — vantara_pentaho | The New Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Analysis Report Description’ field in ‘About this Report’ section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA. | 2021-01-29 | 3.5 | CVE-2020-24669 MISC MISC |
hitachi — vantara_pentaho | The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘type’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | 2021-01-29 | 3.5 | CVE-2020-24670 MISC MISC |
ibm — api_connect | Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510. | 2021-02-04 | 3.8 | CVE-2020-4640 XF CONFIRM |
ibm — api_connect | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839. | 2021-02-04 | 3.5 | CVE-2020-4825 XF CONFIRM |
ibm — qradar_security_information_and_event_manager | IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178. | 2021-02-04 | 3.3 | CVE-2020-5032 XF CONFIRM |
linux — linux_kernel | nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. | 2021-02-01 | 2.1 | CVE-2021-3348 MLIST MISC MISC |
nextcloud — nextcloud_server | A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a ‘javascript:’ URL in markdown format. | 2021-02-03 | 3.5 | CVE-2020-8294 CONFIRM CONFIRM |
phpgurukul — daily_expense_tracker_system | PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter. | 2021-01-29 | 3.5 | CVE-2021-26304 MISC |
pryaniki — pryaniki | A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment. | 2021-02-02 | 3.5 | CVE-2021-3395 MISC MISC |
raw-cpuid_project — raw-cpuid | An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash. | 2021-01-29 | 2.1 | CVE-2021-26307 MISC |
rsa — archer | Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | 2021-01-29 | 3.5 | CVE-2020-29535 CONFIRM MISC |
solarwinds — serv-u | SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. | 2021-02-03 | 3.5 | CVE-2020-35482 CONFIRM |
solarwinds — serv-u | SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. | 2021-02-03 | 3.5 | CVE-2020-28001 CONFIRM MISC |
squaredup — squaredup | SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script. | 2021-02-03 | 3.5 | CVE-2020-9390 CONFIRM |
trendmicro — apex_one | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2021-02-04 | 2.1 | CVE-2021-25248 N/A N/A N/A N/A |
zivautomation — 4cct-ea6-334126bf_firmware | Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user. | 2021-01-29 | 3.3 | CVE-2021-25910 CONFIRM |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
huawei — multiple_products | There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. | 2021-02-06 | not yet calculated | CVE-2021-22300 CONFIRM |
allen-bradley — flex_io_1794-aent/b |
An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | 2021-02-04 | not yet calculated | CVE-2020-6088 MISC |
angular — angular |
angular-expressions is “angular’s nicest part extracted as a standalone module for the browser and node”. In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call “expressions.compile(userControlledInput)” where “userControlledInput” is text that comes from user input. The security of the package could be bypassed by using a more complex payload, using a “.constructor.constructor” technique. In terms of impact: If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. This is fixed in version 1.1.2 of angular-expressions A temporary workaround might be either to disable user-controlled input that will be fed into angular-expressions in your application or allow only following characters in the userControlledInput. | 2021-02-01 | not yet calculated | CVE-2021-21277 MISC MISC CONFIRM MISC |
asuswrt — asus_rt-ax3000_firmware |
Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error. | 2021-02-05 | not yet calculated | CVE-2021-3229 MISC MISC MISC |
bitcoin — core |
Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states “I believe that this vulnerability cannot actually be exploited.” | 2021-02-04 | not yet calculated | CVE-2021-3401 MISC MISC |
blaze — blaze |
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. http4s provides a general “MaxActiveRequests” middleware mechanism for limiting open connections, but it is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. In 0.21.17, 0.22.0-M2, and 1.0.0-M14, a new “maxConnections” property, with a default value of 1024, has been added to the `BlazeServerBuilder`. Setting the value to a negative number restores unbounded behavior, but is strongly disrecommended. The NIO2 backend does not respect `maxConnections`. Its use is now deprecated in http4s-0.21, and the option is removed altogether starting in http4s-0.22. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xhv5-w9c5-2r2w. | 2021-02-02 | not yet calculated | CVE-2021-21294 MISC MISC CONFIRM |
blaze — blaze |
blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. The vast majority of affected users are using it as part of http4s-blaze-server <= 0.21.16. http4s provides a mechanism for limiting open connections, but is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. The issue is fixed in version 0.14.15 for “NIO1SocketServerGroup”. A “maxConnections” parameter is added, with a default value of 512. Concurrent connections beyond this limit are rejected. To run unbounded, which is not recommended, set a negative number. The “NIO2SocketServerGroup” has no such setting and is now deprecated. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xmw9-q7x9-j5qc. | 2021-02-02 | not yet calculated | CVE-2021-21293 MISC CONFIRM MISC |
cisco — 8000_series_routers |
A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device. The vulnerability is due to insufficient validation of command line arguments. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the prompt. A successful exploit could allow an attacker with low-level privileges to escalate their privilege level to root. | 2021-02-04 | not yet calculated | CVE-2021-1370 CISCO |
cisco — ios_xr_software |
A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests. | 2021-02-04 | not yet calculated | CVE-2021-1243 CISCO |
cisco — ios_xr_software |
A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition. | 2021-02-04 | not yet calculated | CVE-2021-1268 CISCO |
cisco — ios_xr_software |
Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-02-04 | not yet calculated | CVE-2021-1288 CISCO |
cisco — ios_xr_software |
Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-02-04 | not yet calculated | CVE-2021-1313 CISCO |
cisco — ios_xr_software |
A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL. | 2021-02-04 | not yet calculated | CVE-2021-1389 CISCO |
cisco — ios_xr_software |
A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user. | 2021-02-04 | not yet calculated | CVE-2021-1128 CISCO |
cisco — managed_services_accelerator |
A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could exploit this vulnerability by sending a flood of crafted API requests to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | 2021-02-04 | not yet calculated | CVE-2021-1266 CISCO |
cisco — multiple_small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. | 2021-02-04 | not yet calculated | CVE-2021-1297 CISCO |
cisco — multiple_small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | 2021-02-04 | not yet calculated | CVE-2021-1295 CISCO |
cisco — multiple_small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | 2021-02-04 | not yet calculated | CVE-2021-1291 CISCO |
cisco — multiple_small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | 2021-02-04 | not yet calculated | CVE-2021-1290 CISCO |
cisco — multiple_small_business_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. | 2021-02-04 | not yet calculated | CVE-2021-1315 CISCO |
cisco — multiple_small_business_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. | 2021-02-04 | not yet calculated | CVE-2021-1314 CISCO |
cisco — multiple_small_business_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. | 2021-02-04 | not yet calculated | CVE-2021-1316 CISCO |
cisco — multiple_small_business_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. | 2021-02-04 | not yet calculated | CVE-2021-1296 CISCO |
cisco — multiple_small_business_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | 2021-02-04 | not yet calculated | CVE-2021-1294 CISCO |
cisco — multiple_small_business_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | 2021-02-04 | not yet calculated | CVE-2021-1292 CISCO |
cisco — multiple_small_business_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | 2021-02-04 | not yet calculated | CVE-2021-1289 CISCO |
cisco — multiple_small_business_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. | 2021-02-04 | not yet calculated | CVE-2021-1317 CISCO |
cisco — multiple_small_business_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. | 2021-02-04 | not yet calculated | CVE-2021-1318 CISCO |
cisco — multiple_small_business_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | 2021-02-04 | not yet calculated | CVE-2021-1293 CISCO |
cisco — network_convergence_system_540_series_routers |
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-02-04 | not yet calculated | CVE-2021-1244 CISCO |
cisco — network_convergence_system_540_series_routers |
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-02-04 | not yet calculated | CVE-2021-1136 CISCO |
cisco — unified_computing_system |
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data. | 2021-02-04 | not yet calculated | CVE-2021-1354 CISCO |
cisco — webex_meetings_and_webex_meetings_server_software |
A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link. | 2021-02-04 | not yet calculated | CVE-2021-1221 CISCO |
clustered_data — ontap | Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). | 2021-02-03 | not yet calculated | CVE-2020-8588 CONFIRM |
clustered_data — ontap |
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs. | 2021-02-03 | not yet calculated | CVE-2020-8589 CONFIRM |
com.squareup:connet — com.squareup:connet |
This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r–r– on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version. | 2021-02-03 | not yet calculated | CVE-2021-23331 CONFIRM CONFIRM |
docker — docker | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the –userns-remap option in which access to remapped root allows privilege escalation to real root. When using “–userns-remap”, if the root user in the remapped namespace has access to the host filesystem they can modify files under “/var/lib/docker/<remapping>” that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. | 2021-02-02 | not yet calculated | CVE-2021-21284 MISC MISC MISC MISC CONFIRM |
docker — docker | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. | 2021-02-02 | not yet calculated | CVE-2021-21285 MISC MISC MISC MISC CONFIRM |
eclipse — californium |
In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS. | 2021-02-03 | not yet calculated | CVE-2020-27222 CONFIRM |
electric_coin_company — zcashd |
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced. | 2021-02-05 | not yet calculated | CVE-2020-8806 MISC |
electric_coin_company — zcashd |
In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim’s address and an IP address, aka a timing side channel. | 2021-02-05 | not yet calculated | CVE-2020-8807 MISC |
elliptic — elliptic |
The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed. | 2021-02-02 | not yet calculated | CVE-2020-28498 MISC CONFIRM CONFIRM MISC |
epikur — epikur |
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password’s MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a “Backdoor Password” of 3p1kursupport). If the submitted password matches either one, access is granted. | 2021-02-05 | not yet calculated | CVE-2020-10539 MISC |
epikur — epikur |
An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account. | 2021-02-05 | not yet calculated | CVE-2020-10537 MISC |
epikur — epikur |
An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack. | 2021-02-05 | not yet calculated | CVE-2020-10538 MISC |
epson — iprojection |
In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. DeviceEMPNSAUIO and DosDevicesEMPNSAU are similarly affected. | 2021-02-05 | not yet calculated | CVE-2020-9014 MISC MISC MISC |
epson — iprojection |
In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects DeviceEMPMPAUIO and DosDevicesEMPMPAU. | 2021-02-05 | not yet calculated | CVE-2020-9453 MISC MISC MISC |
freediskspace — freediskspace |
This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js. | 2021-02-02 | not yet calculated | CVE-2020-7775 MISC |
gitea — gitea |
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path. | 2021-02-05 | not yet calculated | CVE-2021-3382 MISC |
gnome — evolution |
** DISPUTED ** GNOME Evolution through 3.38.3 produces a “Valid signature” message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior. | 2021-02-01 | not yet calculated | CVE-2021-3349 MISC MISC MISC |
gnome — multiple_products |
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file’s parent is a symlink to a directory outside of the intended extraction location. | 2021-02-05 | not yet calculated | CVE-2020-36241 MISC MISC |
harbor — harbor |
In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. | 2021-02-02 | not yet calculated | CVE-2020-29662 MISC |
hcl — digital_experience |
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations. | 2021-02-02 | not yet calculated | CVE-2020-14255 CONFIRM |
hcl — digital_experience |
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users. | 2021-02-02 | not yet calculated | CVE-2020-14221 CONFIRM |
hcl — digital_experience |
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS). | 2021-02-02 | not yet calculated | CVE-2020-4081 CONFIRM |
hcl — onetest_ui |
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources. | 2021-02-04 | not yet calculated | CVE-2020-14245 MISC |
helm — helm |
Helm is open-source software which is essentially “The Kubernetes Package Manager”. Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used “as is” without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data. | 2021-02-05 | not yet calculated | CVE-2021-21303 MISC MISC CONFIRM |
huawei — gauess100 |
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090. | 2021-02-06 | not yet calculated | CVE-2021-22298 CONFIRM |
huawei — manageone |
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. | 2021-02-06 | not yet calculated | CVE-2020-9205 CONFIRM |
huawei — mate_30 | There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module. | 2021-02-06 | not yet calculated | CVE-2021-22307 CONFIRM |
huawei — mate_30 |
Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow. | 2021-02-06 | not yet calculated | CVE-2021-22301 CONFIRM |
huawei — mate_30 |
There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service. | 2021-02-06 | not yet calculated | CVE-2021-22306 CONFIRM |
huawei — mate_30 |
There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service. | 2021-02-06 | not yet calculated | CVE-2021-22305 CONFIRM |
huawei — multiple_products |
There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. | 2021-02-06 | not yet calculated | CVE-2021-22292 CONFIRM |
huawei — multiple_products |
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1). | 2021-02-06 | not yet calculated | CVE-2021-22293 CONFIRM |
huawei — multiple_products |
There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220. | 2021-02-06 | not yet calculated | CVE-2021-22299 CONFIRM |
huawei — sound_x_product |
There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package’s integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00). | 2021-02-06 | not yet calculated | CVE-2020-9118 CONFIRM |
huawei — taurus-al00a_smartphones | There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service. | 2021-02-06 | not yet calculated | CVE-2021-22304 CONFIRM |
huawei — taurus-al00a_smartphones |
There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service. | 2021-02-06 | not yet calculated | CVE-2021-22302 MISC |
huawei — taurus-al00a_smartphones |
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service. | 2021-02-06 | not yet calculated | CVE-2021-22303 CONFIRM |
ibm — powerha |
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969. | 2021-02-05 | not yet calculated | CVE-2020-4832 XF CONFIRM |
imagemagik — magikcore/gem |
A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56. | 2021-02-06 | not yet calculated | CVE-2021-20176 MISC |
intel — bluez |
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. | 2021-02-02 | not yet calculated | CVE-2020-24490 CONFIRM |
intel — celeron_processor_4000_series |
Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access. | 2021-02-02 | not yet calculated | CVE-2020-8672 CONFIRM |
iobit — advanced_systemcare |
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. DosDevicesAscRegistryFilter and DeviceAscRegistryFilter are affected. | 2021-02-05 | not yet calculated | CVE-2020-10234 MISC MISC MISC |
jenzabar — jenzabar |
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. | 2021-02-06 | not yet calculated | CVE-2021-26723 MISC MISC |
jetbrains — code_with_me |
In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic. | 2021-02-03 | not yet calculated | CVE-2021-25755 MISC MISC |
jetbrains — hub |
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. | 2021-02-03 | not yet calculated | CVE-2021-25759 MISC MISC |
jetbrains — ktor |
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. | 2021-02-03 | not yet calculated | CVE-2021-25761 MISC MISC |
jetbrains — ktor |
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. | 2021-02-03 | not yet calculated | CVE-2021-25762 MISC MISC |
jetbrains — youtrack |
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made. | 2021-02-03 | not yet calculated | CVE-2021-25766 MISC MISC |
lg — multiple_mobile_devices |
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021). | 2021-02-04 | not yet calculated | CVE-2021-26687 MISC |
lg — wing_mobile_devices |
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021). | 2021-02-04 | not yet calculated | CVE-2021-26688 MISC |
linkedin — oncall |
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the “No results found for” message in the search bar. | 2021-02-05 | not yet calculated | CVE-2021-26722 MISC |
linux — linux_kernel |
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. | 2021-02-05 | not yet calculated | CVE-2021-26708 MLIST MISC MISC MISC |
loklak — loklak |
loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal to commit 5f48476, a path traversal vulnerability exists. Insufficient input validation in the APIs exposed by the loklak server allowed a directory traversal vulnerability. Any admin configuration and files readable by the app available on the hosted file system can be retrieved by the attacker. Furthermore, user-controlled content could be written to any admin config and files readable by the application. This has been patched in commit 50dd692. Users will need to upgrade their hosted instances of loklak to not be vulnerable to this exploit. | 2021-02-02 | not yet calculated | CVE-2020-15097 MISC CONFIRM |
max_secure — max_spyware_detector |
In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.) | 2021-02-05 | not yet calculated | CVE-2020-12122 MISC MISC MISC |
mechanize — mechanize |
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes’ methods which implicitly use Ruby’s Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7. | 2021-02-02 | not yet calculated | CVE-2021-21289 MISC MISC CONFIRM MISC |
micro_focus — application_performance_management |
Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack. | 2021-02-06 | not yet calculated | CVE-2021-22499 CONFIRM |
micro_focus — application_performance_management |
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker’s choosing. | 2021-02-06 | not yet calculated | CVE-2021-22500 CONFIRM |
nessus — ami |
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | 2021-02-06 | not yet calculated | CVE-2020-5812 MISC |
netgear — r7450_routers |
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559. | 2021-02-04 | not yet calculated | CVE-2020-27873 N/A N/A |
netgear — r7450_routers |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365. | 2021-02-04 | not yet calculated | CVE-2020-27872 N/A N/A |
new_media — smarty |
An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product. | 2021-02-05 | not yet calculated | CVE-2020-10375 MISC MISC |
npm — npm |
This affects all versions of package decal. The vulnerability is in the extend function. | 2021-02-04 | not yet calculated | CVE-2020-28450 MISC MISC MISC |
npm — npm |
This affects all versions of package decal. The vulnerability is in the set function. | 2021-02-04 | not yet calculated | CVE-2020-28449 MISC MISC MISC |
nvidia — geforce_experience |
NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service. | 2021-02-05 | not yet calculated | CVE-2021-1072 CONFIRM |
oauth2_proxy — oauth2_proxy |
OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured for “.example.com”, the intention is that subdomains of example.com are allowed. Instead, “example.com” and “badexample.com” could also match. This is fixed in version 7.0.0 onwards. As a workaround, one can disable the whitelist domain feature and run separate OAuth2 Proxy instances for each subdomain. | 2021-02-02 | not yet calculated | CVE-2021-21291 MISC MISC CONFIRM MISC |
october — october |
An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker. | 2021-02-05 | not yet calculated | CVE-2021-3311 CONFIRM MISC |
opmantek — open-audit |
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link. | 2021-02-05 | not yet calculated | CVE-2021-3333 MISC |
oppo — android_phone_with_mtk_chipset |
OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no. | 2021-02-06 | not yet calculated | CVE-2020-11836 MISC |
pdf2json — pdf2json |
Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file. | 2021-02-05 | not yet calculated | CVE-2020-18750 CONFIRM MISC |
podman — podman |
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards. | 2021-02-02 | not yet calculated | CVE-2021-20199 MISC MISC MISC MISC |
polr — polr |
Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users’ settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php. | 2021-02-01 | not yet calculated | CVE-2021-21276 MISC MISC CONFIRM |
pretashop — opart_devis |
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user’s invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields. | 2021-02-04 | not yet calculated | CVE-2020-16194 MISC |
psyprax — psyprax |
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well. | 2021-02-05 | not yet calculated | CVE-2020-10552 MISC |
psyprax — psyprax |
An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%Psyprax32PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file. | 2021-02-05 | not yet calculated | CVE-2020-10553 MISC |
psyprax — psyprax |
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM. | 2021-02-05 | not yet calculated | CVE-2020-10554 MISC |
question2answer — q2a |
Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution. | 2021-02-05 | not yet calculated | CVE-2021-3258 MISC MISC MISC |
realtek — rtl8195a_wi-fi_module | The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network’s PSK. | 2021-02-03 | not yet calculated | CVE-2020-25857 CONFIRM |
realtek — rtl8195a_wi-fi_module |
The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this. | 2021-02-03 | not yet calculated | CVE-2020-25855 CONFIRM |
realtek — rtl8195a_wi-fi_module |
The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network’s PSK. | 2021-02-03 | not yet calculated | CVE-2020-25853 CONFIRM |
realtek — rtl8195a_wi-fi_module |
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this. | 2021-02-03 | not yet calculated | CVE-2020-25856 CONFIRM |
realtek — rtl8195a_wi-fi_module |
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this. | 2021-02-03 | not yet calculated | CVE-2020-25854 CONFIRM |
red_hat — red_hat |
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. | 2021-02-06 | not yet calculated | CVE-2020-14312 MISC |
redwood — report2web |
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter. | 2021-02-05 | not yet calculated | CVE-2021-26710 MISC |
redwood — report2web |
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter. | 2021-02-05 | not yet calculated | CVE-2021-26711 MISC |
softmaker — office_planmaker |
An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. | 2021-02-04 | not yet calculated | CVE-2020-13579 MISC |
softmaker — office_planmaker |
A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 2021-02-04 | not yet calculated | CVE-2020-13586 MISC |
softmaker — office_planmaker |
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | 2021-02-04 | not yet calculated | CVE-2020-27249 MISC |
softmaker — office_planmaker |
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | 2021-02-04 | not yet calculated | CVE-2020-27248 MISC |
softmaker — office_planmaker |
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | 2021-02-04 | not yet calculated | CVE-2020-27247 MISC |
softmaker — office_planmaker |
An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. | 2021-02-04 | not yet calculated | CVE-2020-13580 MISC |
solarwinds — orion_platform
|
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database. | 2021-02-03 | not yet calculated | CVE-2021-25275 MISC |
solarwinds — orion_platform |
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn’t set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem. | 2021-02-03 | not yet calculated | CVE-2021-25274 MISC |
solarwinds — serv-u | In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users’ password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server’s filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C: home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges. | 2021-02-03 | not yet calculated | CVE-2021-25276 MISC |
sonicwall — sslvpn_sma100 |
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. | 2021-02-04 | not yet calculated | CVE-2021-20016 CONFIRM |
squaredup — squaredup |
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard. | 2021-02-03 | not yet calculated | CVE-2020-9388 CONFIRM |
tibco — ebx_web_server |
The TIBCO EBX Web Server component of TIBCO Software Inc.’s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO EBX: versions 5.9.12 and below. | 2021-02-02 | not yet calculated | CVE-2021-23271 CONFIRM CONFIRM |
traccar — traccar |
Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12. | 2021-02-02 | not yet calculated | CVE-2021-21292 MISC CONFIRM MISC |
trend_micro — antivirus_for_mac_2021 |
Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability – i.e. the attacker must already have access to the target system (either legitimately or via another exploit). | 2021-02-04 | not yet calculated | CVE-2021-25227 N/A N/A |
trend_micro — apex_one |
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server. | 2021-02-04 | not yet calculated | CVE-2021-25229 N/A N/A N/A |
trend_micro — apex_one |
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history. | 2021-02-04 | not yet calculated | CVE-2021-25228 N/A N/A N/A N/A |
trend_micro — worry-free_business_security |
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton. | 2021-02-04 | not yet calculated | CVE-2021-25245 N/A N/A |
trend_micro — worry-free_business_security |
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton. | 2021-02-04 | not yet calculated | CVE-2021-25244 N/A N/A |
typora — typora |
An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution. | 2021-02-05 | not yet calculated | CVE-2020-18737 MISC |
video_insight — vms |
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request. | 2021-02-05 | not yet calculated | CVE-2021-20623 MISC MISC |
whatsapp — whatsapp |
A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image. | 2021-02-02 | not yet calculated | CVE-2020-1910 CONFIRM |
wordpress — wordpress |
Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2021-02-05 | not yet calculated | CVE-2021-20652 MISC MISC |
zoho — manageengine_applications_manager |
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | 2021-02-05 | not yet calculated | CVE-2020-35765 MISC CONFIRM |
zohocorp — manageengine_remote_access_plus |
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin – User Administration userMgmt.do?actionToCall=ShowUser screen. | 2021-02-03 | not yet calculated | CVE-2019-16268 MISC CONFIRM |
zulipchat — zulip_desktop |
Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler. | 2021-02-05 | not yet calculated | CVE-2020-10858 CONFIRM |
zulipchat — zulip_desktop |
Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution. | 2021-02-05 | not yet calculated | CVE-2020-10857 CONFIRM |
zzzcms — zzzcms |
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. | 2021-02-05 | not yet calculated | CVE-2020-18717 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.