Original release date: March 1, 2021
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alleghenycreative — openrepeater | OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. | 2021-02-19 | 10 | CVE-2019-25024 MISC MISC |
amaze_file_manager_project — amaze_file_manager | Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | 2021-02-19 | 7.2 | CVE-2020-36246 MISC MISC |
arubanetworks — clearpass_policy_manager | A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2021-02-23 | 9 | CVE-2021-26679 MISC |
arubanetworks — clearpass_policy_manager | A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2021-02-23 | 9 | CVE-2021-26684 MISC |
arubanetworks — clearpass_policy_manager | A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2021-02-23 | 9 | CVE-2021-26683 MISC |
arubanetworks — clearpass_policy_manager | A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2021-02-23 | 9 | CVE-2021-26680 MISC |
arubanetworks — clearpass_policy_manager | A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges. | 2021-02-23 | 7.2 | CVE-2021-26677 MISC |
atlassian — alfresco_enterprise_content_management | An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco. | 2021-02-19 | 9 | CVE-2020-12873 MISC MISC |
atlassian — jira | An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. | 2021-02-22 | 9 | CVE-2021-26068 MISC |
bloodhound_project — bloodhound | components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter. | 2021-02-19 | 9.3 | CVE-2021-3210 MISC MISC MISC |
botan_project — botan | In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex). | 2021-02-22 | 7.5 | CVE-2021-24115 CONFIRM MISC MISC |
collaboraoffice — online | “loolforkit” is a privileged program that is supposed to be run by a special, non-privileged “lool” user. Before doing anything else “loolforkit” checks, if it was invoked by the “lool” user, and refuses to run with privileges, if it’s not the case. In the vulnerable version of “loolforkit” this check was wrong, so a normal user could start “loolforkit” and eventually get local root privileges. | 2021-02-23 | 7.2 | CVE-2021-25630 MISC MISC |
eyesofnetwork — eyesofnetwork | EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). | 2021-02-22 | 7.5 | CVE-2021-27514 MISC MISC |
geojson2kml_project — geojson2kml | All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require(“geojson2kml”); a(“./”,”& touch JHU”,function(){}) | 2021-02-23 | 7.5 | CVE-2020-28429 CONFIRM |
inspur — clusterengine | A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server | 2021-02-22 | 10 | CVE-2020-21224 MISC MISC |
linux — linux_kernel | A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information. | 2021-02-19 | 7.2 | CVE-2020-35499 MISC |
microsoft — .net | .NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701. | 2021-02-25 | 7.5 | CVE-2021-24112 N/A |
microsoft — .net | .NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112. | 2021-02-25 | 7.5 | CVE-2021-26701 N/A |
netshieldcorp — nano_25_firmware | On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely. | 2021-02-22 | 9 | CVE-2021-3149 MISC MISC |
nozominetworks — central_management_control | OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions. | 2021-02-22 | 9 | CVE-2021-26724 CONFIRM |
nuance-gulp-build-common_project — nuance-gulp-build-common | All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: /var a = require(“nuance-gulp-build-common”) a.run(“touch JHU”) | 2021-02-23 | 7.5 | CVE-2020-28430 MISC |
qualcomm — apq8009 | A buffer overflow can occur when playing an MKV clip due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-02-22 | 7.5 | CVE-2020-11283 CONFIRM |
qualcomm — apq8009_firmware | Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | 10 | CVE-2020-11170 CONFIRM |
qualcomm — apq8009_firmware | Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2021-02-22 | 7.2 | CVE-2020-11195 CONFIRM |
qualcomm — apq8009_firmware | User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-02-22 | 7.2 | CVE-2020-11177 CONFIRM |
qualcomm — apq8017_firmware | Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-02-22 | 10 | CVE-2020-11163 CONFIRM |
qualcomm — aqt1000_firmware | Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2021-02-22 | 7.2 | CVE-2020-11223 CONFIRM |
qualcomm — aqt1000_firmware | Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | 7.2 | CVE-2020-11194 CONFIRM |
qualcomm — aqt1000_firmware | Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile | 2021-02-22 | 7.2 | CVE-2020-11187 CONFIRM |
redhat — jboss_fuse | A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. | 2021-02-23 | 7.8 | CVE-2020-27782 MISC |
redhat — keycloak | A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers. | 2021-02-23 | 7.5 | CVE-2020-14359 MISC MISC |
shinobi — shinobi_pro | An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names (such as constructor or hasOwnProperty) to convince the System that the supplied API Key exists in the underlying JS object, and consequently achieve complete access to User/Admin/Super API functions, as demonstrated by a /super/constructor/accounts/list URI. | 2021-02-22 | 7.5 | CVE-2021-27228 MISC MISC MISC |
smarty — smarty | Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 2021-02-22 | 7.5 | CVE-2021-26120 MISC |
sytech — xlreporter | An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation. | 2021-02-19 | 7.2 | CVE-2020-13549 MISC |
theme-core_project — theme-core | All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require(“theme-core”); a.utils.sh(“touch JHU”) | 2021-02-23 | 7.5 | CVE-2020-28432 MISC |
tribe29 — checkmk | Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%checkmkagentlocal directory. | 2021-02-19 | 7.2 | CVE-2020-24908 MISC |
wc-cmd_project — wc-cmd | All versions of package wc-cmd are vulnerable to Command Injection via the index.js file. PoC: var a =require(“wc-cmd”); a(“touch JHU”) | 2021-02-23 | 7.5 | CVE-2020-28431 MISC |
yithemes — woocommerce_gift_cards | An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images. | 2021-02-22 | 10 | CVE-2021-3120 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acronis — cyber_protect | An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur. | 2021-02-22 | 5 | CVE-2020-35556 MISC MISC |
acronis — cyber_protect | An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console. | 2021-02-22 | 4.3 | CVE-2020-35664 MISC MISC |
adobe — acrobat | Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability. | 2021-02-23 | 4.3 | CVE-2020-29075 CONFIRM |
adobe — bridge | Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-02-25 | 6.8 | CVE-2021-21065 MISC |
adobe — bridge | Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-02-25 | 6.8 | CVE-2021-21066 MISC |
advantech — webaccess/scada | The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | 2021-02-23 | 6.5 | CVE-2020-25161 MISC |
aida64 — aida64 | Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. | 2021-02-19 | 4.6 | CVE-2020-19513 EXPLOIT-DB |
apache — myfaces | In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application. | 2021-02-19 | 6.8 | CVE-2021-26296 MISC FULLDISC MISC |
arubanetworks — clearpass_policy_manager | A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the guest portal interface. | 2021-02-23 | 4.3 | CVE-2021-26682 MISC |
arubanetworks — clearpass_policy_manager | A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database. | 2021-02-23 | 5.5 | CVE-2021-26686 MISC |
arubanetworks — clearpass_policy_manager | A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database. | 2021-02-23 | 5.5 | CVE-2021-26685 MISC |
arubanetworks — clearpass_policy_manager | A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition. A successful exploit could allow a local attacker to execute arbitrary code within the context the binary is running in, which is a lower privileged account. | 2021-02-23 | 4.6 | CVE-2020-7120 MISC |
asus — askey_rtf8115vw_firmware | Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. | 2021-02-19 | 5.8 | CVE-2021-27404 MISC |
asus — askey_rtf8115vw_firmware | Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. | 2021-02-19 | 4.3 | CVE-2021-27403 MISC |
atlassian — confluence | The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | 2021-02-22 | 5 | CVE-2020-29448 MISC |
carrier — webctrl_system | Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request. | 2021-02-22 | 4.3 | CVE-2020-19762 MISC |
chamilo — chamilo | Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. | 2021-02-19 | 4.3 | CVE-2021-26746 CONFIRM MISC MISC |
cira — canadian_shield | The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation. | 2021-02-23 | 4.3 | CVE-2021-27189 MISC FULLDISC MISC |
cnesty — helpcom | Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page. | 2021-02-24 | 6.8 | CVE-2020-7846 CONFIRM |
digium — asterisk | A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch. | 2021-02-19 | 4 | CVE-2021-26713 MISC MISC MISC |
djangoproject — channels | Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channels 3.0. In many cases this would result in a crash but, with correct timing, responses could be sent to the wrong client, resulting in potential leakage of session identifiers and other sensitive data. Note that this affects only the legacy Channels provided class, and not Django’s similar ASGIHandler, available from Django 3.0. | 2021-02-22 | 5.8 | CVE-2020-35681 CONFIRM MISC MISC |
docsifyjs — docsify | This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters | 2021-02-19 | 4.3 | CVE-2021-23342 MISC FULLDISC MISC MISC MISC |
eyesofnetwork — eyesofnetwork | The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on “le filtre userside.” | 2021-02-22 | 6.5 | CVE-2021-27513 MISC MISC |
fujielectric — v-server | The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. | 2021-02-19 | 6.8 | CVE-2020-25171 MISC |
genymobile — genymotion_desktop | ** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host’s clipboard data to the Android application by default. NOTE: the vendor’s position is that this is intended behavior that can be changed through the Settings > Device screen. | 2021-02-22 | 5 | CVE-2021-27549 MISC MISC MISC MISC MISC MISC MISC |
getgist — chatbox | Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS. | 2021-02-23 | 4.3 | CVE-2020-35852 MISC MISC MISC |
gnu — glibc | The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. | 2021-02-24 | 4.9 | CVE-2021-27645 MISC |
google — chrome | Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-02-22 | 6.8 | CVE-2021-21152 MISC MISC FEDORA |
google — chrome | Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 2021-02-22 | 6.8 | CVE-2021-21151 MISC MISC FEDORA |
google — chrome | Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 2021-02-22 | 6.8 | CVE-2021-21149 MISC MISC FEDORA |
google — chrome | Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2021-02-22 | 6.8 | CVE-2021-21153 MISC MISC FEDORA |
google — chrome | Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-02-22 | 6.8 | CVE-2021-21150 MISC MISC FEDORA |
google — chrome | Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-02-22 | 6.8 | CVE-2021-21154 MISC MISC FEDORA |
google — chrome | Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-02-22 | 6.8 | CVE-2021-21157 MISC MISC FEDORA |
google — chrome | Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. | 2021-02-22 | 6.8 | CVE-2021-21156 MISC MISC FEDORA |
google — chrome | Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-02-22 | 6.8 | CVE-2021-21155 MISC MISC FEDORA |
google — rendertron | Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome’s access to your internal domain. | 2021-02-23 | 4 | CVE-2020-8902 CONFIRM |
google — slashify | The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. | 2021-02-19 | 5.8 | CVE-2021-3189 MISC MISC |
hubspot — jinjava | Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure. | 2021-02-19 | 6.8 | CVE-2020-12668 MISC MISC MISC MISC MISC |
ibm — planning_analytics | IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization’s internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029. | 2021-02-23 | 4 | CVE-2020-4953 XF CONFIRM |
imagemagick — imagemagick | In ImageMagick, there is an outside the range of representable values of type ‘unsigned int’ at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. | 2021-02-23 | 4.3 | CVE-2020-27768 MISC |
intel — bmc_firmware | Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-02-19 | 4.6 | CVE-2020-12374 MISC |
iptime — nas-i_firmware | The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36. | 2021-02-23 | 5.2 | CVE-2020-7847 CONFIRM |
jasper_project — jasper | A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service. | 2021-02-23 | 4.3 | CVE-2021-26927 MISC MISC |
jasper_project — jasper | A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. | 2021-02-23 | 5.8 | CVE-2021-26926 MISC MISC |
jenkins — claim | A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims. | 2021-02-24 | 4.3 | CVE-2021-21620 CONFIRM |
jenkins — configuration_slicing | A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations. | 2021-02-24 | 6.8 | CVE-2021-21617 MLIST CONFIRM |
jenkins — support_core | Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the “About user (basic authentication details only)” information, which can include the session ID of the user creating the support bundle in some configurations. | 2021-02-24 | 5 | CVE-2021-21621 CONFIRM |
johnsoncontrols — metasys_reporting_engine | Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. | 2021-02-19 | 5 | CVE-2020-9050 CONFIRM CERT |
kaco-newenergy — xp100u_firmware | KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability. | 2021-02-23 | 5 | CVE-2021-3252 MISC MISC MISC |
libxls_project — libxls | An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file. | 2021-02-23 | 4.3 | CVE-2020-27819 MISC |
linux — linux_kernel | A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. | 2021-02-23 | 6.1 | CVE-2021-20226 MISC |
linux — linux_kernel | There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. | 2021-02-23 | 4.6 | CVE-2021-20194 MISC |
luxion — keyshot | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code. | 2021-02-23 | 6.8 | CVE-2021-22649 MISC |
luxion — keyshot | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. | 2021-02-23 | 6.8 | CVE-2021-22643 MISC |
luxion — keyshot | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning. | 2021-02-23 | 6.8 | CVE-2021-22645 MISC |
luxion — keyshot | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code. | 2021-02-23 | 6.8 | CVE-2021-22647 MISC |
luxion — keyshot | When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders. | 2021-02-23 | 6.8 | CVE-2021-22651 MISC |
mailtrain — mailtrain | Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped. | 2021-02-19 | 6 | CVE-2020-24617 MISC MISC |
mantisbt — mantisbt | An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings. | 2021-02-22 | 4.3 | CVE-2020-35571 MISC |
mbsync_project — mbsync | A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing ‘..’ path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. | 2021-02-23 | 5.8 | CVE-2021-20247 MISC MISC |
microsoft — .net | .NET Core and Visual Studio Denial of Service Vulnerability | 2021-02-25 | 4.3 | CVE-2021-1721 N/A |
microsoft — modernflow | ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. | 2021-02-19 | 4 | CVE-2021-3339 MISC MISC |
nanohttpd — nanohttpd | An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization. | 2021-02-23 | 4.3 | CVE-2020-13697 MISC MISC |
nozominetworks — central_management_control | Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions. | 2021-02-22 | 4 | CVE-2021-26725 CONFIRM |
openenergymonitor — emoncms | Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter. | 2021-02-21 | 4.3 | CVE-2021-26716 MISC |
osc — open_ondemand | Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. | 2021-02-19 | 6.8 | CVE-2020-36247 MISC |
owncloud — file_firewall | The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. | 2021-02-19 | 5 | CVE-2020-36249 MISC |
owncloud — owncloud | An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack. | 2021-02-19 | 6.5 | CVE-2020-10252 MISC CONFIRM MISC |
owncloud — owncloud | An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview. | 2021-02-19 | 4.3 | CVE-2020-10254 MISC CONFIRM MISC |
owncloud — owncloud | ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else’s access to that share. | 2021-02-19 | 4 | CVE-2020-36251 MISC |
png-img_project — png-img | An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file. | 2021-02-20 | 6.8 | CVE-2020-28248 MISC MISC MISC MISC |
polarisoffice — polaris_office | Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file. | 2021-02-23 | 4.3 | CVE-2021-27550 MISC |
postgresql — postgresql | A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. | 2021-02-23 | 4 | CVE-2021-20229 MISC |
qualcomm — apq8009 | An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-02-22 | 4.6 | CVE-2020-11286 CONFIRM |
qualcomm — apq8009 | Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | 5 | CVE-2020-11296 CONFIRM |
qualcomm — apq8009 | Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-02-22 | 4.6 | CVE-2020-11282 CONFIRM |
qualcomm — aqt1000 | Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | 5 | CVE-2020-11287 CONFIRM |
qualcomm — aqt1000_firmware | Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-02-22 | 4.6 | CVE-2020-11147 CONFIRM |
redhat — 3scale_api_management | A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability. | 2021-02-23 | 6.8 | CVE-2021-20252 MISC |
redhat — openshift_container_platform | A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the cluster admin. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-02-23 | 6.5 | CVE-2021-20182 MISC |
redhat — openshift_installer | A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-02-23 | 6.8 | CVE-2021-20198 MISC |
redhat — satellite | A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-02-23 | 4.6 | CVE-2021-20256 MISC |
scrapbox-parser_project — scrapbox-parser | A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js. | 2021-02-19 | 5 | CVE-2021-27405 MISC MISC MISC |
se — powerlogic_ion7400_firmware | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device. | 2021-02-19 | 5 | CVE-2021-22702 MISC |
se — powerlogic_ion7400_firmware | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device. | 2021-02-19 | 5 | CVE-2021-22703 MISC |
smartstore — smartstorenet | An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account). | 2021-02-19 | 6.8 | CVE-2020-27997 MISC MISC |
smarty — smarty | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | 2021-02-22 | 5 | CVE-2021-26119 MISC |
snowsoftware — snow_inventory | Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings. | 2021-02-23 | 6.8 | CVE-2021-27579 MISC |
softmaker — planmaker_2021 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | 2021-02-23 | 6.8 | CVE-2020-28587 MISC |
stunnel — stunnel | A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality. | 2021-02-23 | 5 | CVE-2021-20230 MISC MISC |
tasks — tasks | “Tasks” application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions. | 2021-02-22 | 4.6 | CVE-2020-22475 MISC MISC |
telegram — telegram | The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. | 2021-02-19 | 5 | CVE-2021-27351 MISC |
twitter-stream_project — twitter-stream | In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused). | 2021-02-19 | 4.3 | CVE-2020-24392 MISC MISC |
ui — unifi_protect_controller | UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash. | 2021-02-23 | 5 | CVE-2021-22882 MISC MISC |
urijs_project — urijs | URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. | 2021-02-22 | 5 | CVE-2021-27516 MISC MISC |
url-parse_project — url-parse | url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. | 2021-02-22 | 5 | CVE-2021-27515 MISC MISC MISC |
we-con — levistudiou | Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. | 2021-02-23 | 6.8 | CVE-2020-16243 MISC |
webware — webdesktop | SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server. | 2021-02-19 | 4 | CVE-2021-3204 MISC |
yeastar — neogate_tg400_firmware | Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key. | 2021-02-19 | 4 | CVE-2021-27328 MISC MISC MISC |
yz1 — yz1 | Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling. | 2021-02-22 | 6.8 | CVE-2020-24175 MISC MISC MISC MISC |
zohocorp — manageengine_adselfservice_plus | A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. | 2021-02-19 | 4.3 | CVE-2021-27214 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — livy | Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users’ sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating. | 2021-02-20 | 3.5 | CVE-2021-26544 MLIST CONFIRM CONFIRM |
appspace — appspace | A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes. | 2021-02-22 | 3.5 | CVE-2021-27564 MISC |
custom_global_variables_project — custom_global_variables | Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field. | 2021-02-25 | 3.5 | CVE-2021-3124 MISC MISC |
dell — emc_powerprotect_cyber_recovery | Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. | 2021-02-19 | 3.6 | CVE-2021-21512 MISC |
fastadmin — fastadmin | fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background. | 2021-02-23 | 3.5 | CVE-2020-26609 MISC MISC MISC |
jenkins — active_choices | Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2021-02-24 | 3.5 | CVE-2021-21616 MLIST CONFIRM |
jenkins — artifact_repository_parameter | Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2021-02-24 | 3.5 | CVE-2021-21622 CONFIRM |
jenkins — claim | Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins. | 2021-02-24 | 3.5 | CVE-2021-21619 MLIST CONFIRM |
jenkins — repository_connector | Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2021-02-24 | 3.5 | CVE-2021-21618 CONFIRM |
keybase — keybase | Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the “Explode message/Explode now” functionality. Local filesystem access is needed by the attacker. | 2021-02-23 | 2.1 | CVE-2021-23827 MISC MISC MISC |
lightcms_project — lightcms | A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords. | 2021-02-24 | 3.5 | CVE-2021-3355 MISC MISC |
monicahq — monica | The Contact page in Monica 2.19.1 allows stored XSS via the First Name field. | 2021-02-22 | 3.5 | CVE-2021-27368 MISC MISC |
monicahq — monica | The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field. | 2021-02-22 | 3.5 | CVE-2021-27370 MISC MISC MISC |
monicahq — monica | The Contact page in Monica 2.19.1 allows stored XSS via the Description field. | 2021-02-22 | 3.5 | CVE-2021-27371 MISC MISC |
monicahq — monica | The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field. | 2021-02-22 | 3.5 | CVE-2021-27559 MISC MISC |
monicahq — monica | The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field. | 2021-02-22 | 3.5 | CVE-2021-27369 MISC MISC |
mybb — mybb | MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode). | 2021-02-22 | 3.5 | CVE-2021-27279 CONFIRM CONFIRM MISC |
owncloud — owncloud | ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. | 2021-02-19 | 2.7 | CVE-2020-36252 MISC |
owncloud — owncloud | The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | 2021-02-19 | 2.1 | CVE-2020-36248 MISC |
owncloud — owncloud | In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. | 2021-02-19 | 2.1 | CVE-2020-36250 MISC |
se — powerlogic_ion7400_firmware | A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface. | 2021-02-19 | 3.5 | CVE-2021-22701 MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abb — ac500_v2_products |
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. | 2021-02-26 | not yet calculated | CVE-2020-24686 CONFIRM |
advantech — bb-eswgp506-2sfp-t |
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior). | 2021-02-24 | not yet calculated | |
aiohttp — aiohttp |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows “pip install aiohttp >= 3.7.4”. If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications. | 2021-02-26 | not yet calculated | CVE-2021-21330 MISC MISC CONFIRM MISC DEBIAN |
amazon — pay_plugin |
best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor. | 2021-02-26 | not yet calculated | CVE-2020-28199 MISC MISC |
aoache — batik |
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. | 2021-02-24 | not yet calculated | CVE-2020-11987 MISC |
apache — xmlgraphics_comms |
Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. | 2021-02-24 | not yet calculated | CVE-2020-11988 MISC |
appspace — appspace |
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. | 2021-02-25 | not yet calculated | CVE-2021-27670 MISC |
aruba — clearpass_policy_manager |
A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | 2021-02-23 | not yet calculated | CVE-2021-26678 MISC |
aruba — clearpass_policy_mananager |
A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2021-02-23 | not yet calculated | CVE-2021-26681 MISC |
atlassian — gadgets |
The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled. | 2021-02-22 | not yet calculated | CVE-2020-36232 MISC |
atlassian — jira |
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | 2021-02-22 | not yet calculated | CVE-2020-29453 MISC |
bosch — video_recording_manager |
Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM. | 2021-02-26 | not yet calculated | CVE-2019-11684 CONFIRM |
brave — brave |
Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108 | 2021-02-23 | not yet calculated | CVE-2021-21323 MISC CONFIRM MISC MISC MISC |
cisco — aci_multi-site_orchestrator |
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices. | 2021-02-24 | not yet calculated | CVE-2021-1388 CISCO |
cisco — anyconnect_secure_mobility_client |
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. Note: The process under attack will automatically restart so no action is needed by the user or admin. | 2021-02-24 | not yet calculated | CVE-2021-1450 CISCO |
cisco — application_services_engine |
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-02-24 | not yet calculated | CVE-2021-1393 CISCO |
cisco — application_services_engine |
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-02-24 | not yet calculated | CVE-2021-1396 CISCO |
cisco — fxos_and_nx-os |
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability. | 2021-02-24 | not yet calculated | CVE-2021-1368 CISCO |
cisco — nexus_9000_series_fabric_switches | A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploit could allow the attacker to disable switching on the SFP interface, which could disrupt network traffic. | 2021-02-24 | not yet calculated | CVE-2021-1231 CISCO |
cisco — nexus_9000_series_fabric_switches | A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing. | 2021-02-24 | not yet calculated | CVE-2021-1361 CISCO |
cisco — nexus_9000_series_fabric_switches |
A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. This vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a crafted LLDP packet on the adjacent subnet to an affected device. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints. | 2021-02-24 | not yet calculated | CVE-2021-1228 CISCO |
cisco — nexus_9000_series_fabric_switches |
A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS) condition. This vulnerability is due to an issue with the installation of routes upon receipt of a BGP update. An attacker could exploit this vulnerability by sending a crafted BGP update to an affected device. A successful exploit could allow the attacker to cause the routing process to crash, which could cause the device to reload. This vulnerability applies to both Internal BGP (IBGP) and External BGP (EBGP). Note: The Cisco implementation of BGP accepts incoming BGP traffic from explicitly configured peers only. To exploit this vulnerability, an attacker would need to send a specific BGP update message over an established TCP connection that appears to come from a trusted BGP peer. | 2021-02-24 | not yet calculated | CVE-2021-1230 CISCO |
cisco — nx-os | A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory. | 2021-02-24 | not yet calculated | CVE-2021-1387 CISCO |
cisco — nx-os |
A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an IPv6-configured interface receives a specific type of ICMPv6 packet. An attacker could exploit this vulnerability by sending a sustained rate of crafted ICMPv6 packets to a local IPv6 address on a targeted device. A successful exploit could allow the attacker to cause a system memory leak in the ICMPv6 process on the device. As a result, the ICMPv6 process could run out of system memory and stop processing traffic. The device could then drop all ICMPv6 packets, causing traffic instability on the device. Restoring device functionality would require a device reboot. | 2021-02-24 | not yet calculated | CVE-2021-1229 CISCO |
cisco — nx-os |
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default. | 2021-02-24 | not yet calculated | CVE-2021-1227 CISCO |
cisco — nx-os |
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition. | 2021-02-24 | not yet calculated | CVE-2021-1367 CISCO |
comrak_crate — comrak_crate |
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack. | 2021-02-25 | not yet calculated | CVE-2021-27671 MISC |
contec — solarview_compact | Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors. | 2021-02-24 | not yet calculated | CVE-2021-20657 MISC MISC MISC |
contec — solarview_compact | SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors. | 2021-02-24 | not yet calculated | CVE-2021-20658 MISC MISC MISC |
contec — solarview_compact | Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | 2021-02-24 | not yet calculated | CVE-2021-20661 MISC MISC MISC |
contec — solarview_compact | Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors. | 2021-02-24 | not yet calculated | CVE-2021-20662 MISC MISC MISC |
contec — solarview_compact |
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors. | 2021-02-24 | not yet calculated | CVE-2021-20656 MISC MISC MISC |
contec — solarview_compact |
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code. | 2021-02-24 | not yet calculated | CVE-2021-20659 MISC MISC MISC |
contec — solarview_compact |
Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors. | 2021-02-24 | not yet calculated | CVE-2021-20660 MISC MISC MISC |
directus — directus | ** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-02-23 | not yet calculated | CVE-2021-26594 MISC |
directus — directus |
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-02-23 | not yet calculated | CVE-2021-26595 MISC |
directus — directus |
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-02-23 | not yet calculated | CVE-2021-27583 MISC |
directus — directus |
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-02-23 | not yet calculated | CVE-2021-26593 MISC |
dropbear — dropbear |
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. | 2021-02-25 | not yet calculated | CVE-2020-36254 MISC |
eclipse — jetty |
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality� (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | 2021-02-26 | not yet calculated | CVE-2020-27223 CONFIRM CONFIRM |
eclipse — theia |
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code. | 2021-02-24 | not yet calculated | CVE-2020-27224 CONFIRM |
ewelink — ewelink |
Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process. | 2021-02-24 | not yet calculated | CVE-2020-12702 MISC MISC MISC MISC |
fontforge — fontforge |
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2021-02-23 | not yet calculated | CVE-2020-25690 MISC |
gnu — c_library |
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | 2021-02-26 | not yet calculated | CVE-2020-27618 MISC MISC |
google — android | In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05466547. | 2021-02-26 | not yet calculated | CVE-2021-0405 MISC |
google — android | In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085. | 2021-02-26 | not yet calculated | CVE-2021-0367 MISC |
google — android | In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05471418. | 2021-02-26 | not yet calculated | CVE-2021-0406 MISC |
google — android | In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265. | 2021-02-26 | not yet calculated | CVE-2021-0401 MISC |
google — android |
In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124. | 2021-02-26 | not yet calculated | CVE-2021-0403 MISC |
google — android |
In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039. | 2021-02-26 | not yet calculated | CVE-2021-0404 MISC |
google — android |
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093. | 2021-02-26 | not yet calculated | CVE-2021-0366 MISC |
google — android |
In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311. | 2021-02-26 | not yet calculated | CVE-2021-0402 MISC |
gopeak — masterlab |
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the ‘source’ parameter. | 2021-02-25 | not yet calculated | CVE-2020-23534 MISC |
gotenberg — thecodingmachine |
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src=’https://us-cert.cisa.govfile:///etc/passwd’>. | 2021-02-26 | not yet calculated | CVE-2021-23345 MISC MISC |
i-doit — i-doit |
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS. | 2021-02-27 | not yet calculated | CVE-2021-3151 MISC MISC |
ibm — multiple_products |
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. | 2021-02-24 | not yet calculated | CVE-2020-4931 XF CONFIRM |
kaspersky — rescue_disk |
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component. | 2021-02-26 | not yet calculated | CVE-2020-26200 MISC |
keylime — keylime |
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations. | 2021-02-25 | not yet calculated | CVE-2021-3406 MISC MISC |
libcaca — libcaca |
A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | 2021-02-23 | not yet calculated | CVE-2021-3410 MISC MISC |
libebml — libebml |
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. | 2021-02-23 | not yet calculated | CVE-2021-3405 MISC |
lma — isida_retriever |
LMA ISIDA Retriever 5.2 allows SQL Injection. | 2021-02-26 | not yet calculated | CVE-2021-26904 MISC MISC |
lma — isida_retriever |
LMA ISIDA Retriever 5.2 is vulnerable to XSS via query[‘text’]. | 2021-02-26 | not yet calculated | CVE-2021-26903 MISC MISC |
magento — upward-php |
Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which allows reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation. | 2021-02-25 | not yet calculated | CVE-2021-21064 MISC MISC |
micro_focus — solutions_business_manager | Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability. | 2021-02-26 | not yet calculated | CVE-2019-18945 CONFIRM |
micro_focus — solutions_business_manager | Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure. | 2021-02-26 | not yet calculated | CVE-2019-18947 CONFIRM |
micro_focus — solutions_business_manager |
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding. | 2021-02-26 | not yet calculated | CVE-2019-18942 CONFIRM |
micro_focus — solutions_business_manager |
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. | 2021-02-26 | not yet calculated | CVE-2019-18943 MISC |
micro_focus — solutions_business_manager |
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. | 2021-02-26 | not yet calculated | CVE-2019-18944 CONFIRM |
micro_focus — solutions_business_manager |
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation. | 2021-02-26 | not yet calculated | CVE-2019-18946 CONFIRM |
microsoft — azure |
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24109 N/A |
microsoft — azure |
Azure IoT CLI extension Elevation of Privilege Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24087 N/A |
microsoft — dynamics_365 | Microsoft Dataverse Information Disclosure Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24101 N/A |
microsoft — dynamics_business_central |
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-1724 N/A |
microsoft — edge |
Microsoft Edge for Android Information Disclosure Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24100 N/A |
microsoft — edge |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24113 N/A |
microsoft — excel | Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24070. | 2021-02-25 | not yet calculated | CVE-2021-24069 N/A |
microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24069. | 2021-02-25 | not yet calculated | CVE-2021-24070 N/A |
microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24068, CVE-2021-24069, CVE-2021-24070. | 2021-02-25 | not yet calculated | CVE-2021-24067 N/A |
microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24069, CVE-2021-24070. | 2021-02-25 | not yet calculated | CVE-2021-24068 N/A |
microsoft — exchange_server | Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-1730. | 2021-02-25 | not yet calculated | CVE-2021-24085 N/A |
microsoft — exchange_server |
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-24085. | 2021-02-25 | not yet calculated | CVE-2021-1730 N/A |
microsoft — installer |
Windows Installer Elevation of Privilege Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-1727 N/A |
microsoft — package_managers_configurations |
Package Managers Configurations Remote Code Execution Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24105 N/A |
microsoft — powershell |
Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24082 N/A |
microsoft — sharepoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24072 N/A |
microsoft — sharepoint |
Microsoft SharePoint Spoofing Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-1726 N/A |
microsoft — sharepoint |
Microsoft SharePoint Information Disclosure Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24071 N/A |
microsoft — sharepoint |
Microsoft SharePoint Remote Code Execution Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24066 N/A |
microsoft — skype |
Skype for Business and Lync Denial of Service Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24099 N/A |
microsoft — skype |
Skype for Business and Lync Spoofing Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24073 N/A |
microsoft — teams |
Microsoft Teams iOS Information Disclosure Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24114 N/A |
microsoft — visual_studio_code | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-26700 N/A |
microsoft — visual_studio_code |
Visual Studio Code Remote Code Execution Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-1639 N/A |
microsoft — windows | Windows DirectX Information Disclosure Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24106 N/A |
microsoft — windows | Windows Local Spooler Remote Code Execution Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24088 N/A |
microsoft — windows | .NET Framework Denial of Service Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24111 N/A |
microsoft — windows | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24081 N/A |
microsoft — windows | Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24102. | 2021-02-25 | not yet calculated | CVE-2021-24103 N/A |
microsoft — windows | Windows Camera Codec Pack Remote Code Execution Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24091 N/A |
microsoft — windows | Windows Console Driver Denial of Service Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24098 N/A |
microsoft — windows | Windows Address Book Remote Code Execution Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24083 N/A |
microsoft — windows | Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24074. | 2021-02-25 | not yet calculated | CVE-2021-24094 N/A |
microsoft — windows |
Microsoft Defender Elevation of Privilege Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24092 N/A |
microsoft — windows |
Windows Graphics Component Remote Code Execution Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24093 MISC N/A |
microsoft — windows |
Windows Kernel Elevation of Privilege Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24096 N/A |
microsoft — windows |
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24103. | 2021-02-25 | not yet calculated | CVE-2021-24102 N/A |
microsoft — windows |
Windows PKU2U Elevation of Privilege Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-25195 N/A |
microsoft — windows |
Sysinternals PsExec Elevation of Privilege Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-1733 N/A |
microsoft — windows |
PFX Encryption Security Feature Bypass Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-1731 N/A |
microsoft — windows |
System Center Operations Manager Elevation of Privilege Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-1728 N/A |
microsoft — windows |
Microsoft Windows Security Feature Bypass Vulnerability | 2021-02-25 | not yet calculated | CVE-2020-17162 N/A |
microsoft — windows |
Windows Remote Procedure Call Information Disclosure Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-1734 N/A |
microsoft — windows |
Microsoft Windows VMSwitch Information Disclosure Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24076 N/A |
microsoft — windows |
Windows Network File System Denial of Service Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24075 N/A |
microsoft — windows |
Windows TCP/IP Denial of Service Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24086 N/A |
microsoft — windows |
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24094. | 2021-02-25 | not yet calculated | CVE-2021-24074 N/A |
microsoft — windows |
Windows Mobile Device Management Information Disclosure Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24084 N/A |
microsoft — windows |
Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1722. | 2021-02-25 | not yet calculated | CVE-2021-24077 N/A |
microsoft — windows |
Windows DNS Server Remote Code Execution Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24078 N/A |
microsoft — windows |
Windows Backup Engine Information Disclosure Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24079 N/A |
microsoft — windows |
Windows Trust Verification API Denial of Service Vulnerability | 2021-02-25 | not yet calculated | CVE-2021-24080 N/A |
microsoft — windows_fax_service |
Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24077. | 2021-02-25 | not yet calculated | CVE-2021-1722 N/A |
microsoft — windows_win32k |
Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1732. | 2021-02-25 | not yet calculated | CVE-2021-1698 N/A |
microsoft — windows_win32k |
Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698. | 2021-02-25 | not yet calculated | CVE-2021-1732 N/A |
mongodb — mongodb | A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure nework fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption. | 2021-02-25 | not yet calculated | CVE-2021-20327 MISC |
mongodb — mongodb |
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption. | 2021-02-25 | not yet calculated | CVE-2021-20328 MISC |
mozilla — firefox | One phishing tactic on the web is to provide a link with HTTP Auth. For example ‘https://www.phishingtarget.com@evil.com’. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. | 2021-02-26 | not yet calculated | CVE-2021-23972 MISC MISC |
mozilla — firefox | Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86. | 2021-02-26 | not yet calculated | CVE-2021-23979 MISC MISC |
mozilla — firefox | Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. | 2021-02-26 | not yet calculated | CVE-2021-23977 MISC MISC |
mozilla — firefox | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. | 2021-02-26 | not yet calculated | CVE-2021-23976 MISC MISC |
mozilla — firefox | The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86. | 2021-02-26 | not yet calculated | CVE-2021-23975 MISC MISC |
mozilla — firefox | The DOMParser API did not properly process ‘<noscript>’ elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. | 2021-02-26 | not yet calculated | CVE-2021-23974 MISC MISC |
mozilla — firefox | Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85. | 2021-02-26 | not yet calculated | CVE-2021-23965 MISC MISC |
mozilla — firefox | An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | 2021-02-26 | not yet calculated | CVE-2021-23959 MISC MISC |
mozilla — firefox | The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. | 2021-02-26 | not yet calculated | CVE-2021-23958 MISC MISC |
mozilla — firefox |
Incorrect use of the ‘<RowCountChanged>’ method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. | 2021-02-26 | not yet calculated | CVE-2021-23962 MISC MISC |
mozilla — firefox |
Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. | 2021-02-26 | not yet calculated | CVE-2021-23970 MISC MISC |
mozilla — firefox |
Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | 2021-02-26 | not yet calculated | CVE-2021-23957 MISC MISC |
mozilla — firefox |
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network’s hosts as well as services running on the user’s local machine. This vulnerability affects Firefox < 85. | 2021-02-26 | not yet calculated | CVE-2021-23961 MISC MISC |
mozilla — firefox |
When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85. | 2021-02-26 | not yet calculated | CVE-2021-23963 MISC MISC |
mozilla — firefox |
When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect’s Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86. | 2021-02-26 | not yet calculated | CVE-2021-23971 MISC MISC |
mozilla — firefox |
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. | 2021-02-26 | not yet calculated | CVE-2021-23956 MISC MISC |
mozilla — firefox |
The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. | 2021-02-26 | not yet calculated | CVE-2021-23955 MISC MISC |
mozilla — multiple_products | If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | 2021-02-26 | not yet calculated | CVE-2021-23953 MISC MISC MISC MISC |
mozilla — multiple_products | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | 2021-02-26 | not yet calculated | CVE-2021-23978 MISC MISC MISC MISC |
mozilla — multiple_products | When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | 2021-02-26 | not yet calculated | CVE-2021-23973 MISC MISC MISC MISC |
mozilla — multiple_products |
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | 2021-02-26 | not yet calculated | CVE-2021-23960 MISC MISC MISC MISC |
mozilla — multiple_products |
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | 2021-02-26 | not yet calculated | CVE-2021-23964 MISC MISC MISC MISC |
mozilla — multiple_products |
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | 2021-02-26 | not yet calculated | CVE-2021-23954 MISC MISC MISC MISC |
mozilla — multiple_products |
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | 2021-02-26 | not yet calculated | CVE-2021-23968 MISC MISC MISC MISC |
mozilla — multiple_products |
As specified in the W3C Content Security Policy draft, when creating a violation report, “User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.” Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination’s origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | 2021-02-26 | not yet calculated | CVE-2021-23969 MISC MISC MISC MISC |
mupdf — mupdf |
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences. | 2021-02-23 | not yet calculated | CVE-2021-3407 MISC |
nagios — xi |
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI’s web system. | 2021-02-25 | not yet calculated | CVE-2021-3273 MISC MISC |
netplex — json-smart |
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information. | 2021-02-23 | not yet calculated | CVE-2021-27568 MISC MISC |
nextcloud — deck |
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user. | 2021-02-23 | not yet calculated | CVE-2020-8297 MISC MISC MISC |
node-red — node-red | Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with `projects.read` permission is able to access any file via the Projects API. The issue has been patched in Node-RED 1.2.8. The vulnerability applies only to the Projects feature which is not enabled by default in Node-RED. The primary workaround is not give untrusted users read access to the Node-RED editor. | 2021-02-26 | not yet calculated | CVE-2021-21298 MISC MISC CONFIRM MISC |
node-red — node-red |
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url. | 2021-02-26 | not yet calculated | CVE-2021-21297 MISC CONFIRM MISC MISC |
openid — connect_server |
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest. | 2021-02-23 | not yet calculated | CVE-2021-27582 MISC MISC |
openscad — openscad |
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2021-02-24 | not yet calculated | CVE-2020-28599 MISC |
opensuse — opesuse |
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. | 2021-02-25 | not yet calculated | CVE-2020-8032 CONFIRM |
opentext — content_server |
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized. | 2021-02-26 | not yet calculated | CVE-2021-3010 MISC MISC |
owncloud — owncloud/client |
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. | 2021-02-26 | not yet calculated | CVE-2020-28646 MISC MISC |
p2p — p2p |
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. | 2021-02-26 | not yet calculated | CVE-2021-27803 MLIST MISC MISC MISC |
prestashop — prestashop | PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2 | 2021-02-26 | not yet calculated | CVE-2021-21308 MISC MISC CONFIRM |
prestashop — prestashop |
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2 | 2021-02-26 | not yet calculated | CVE-2021-21302 MISC MISC CONFIRM |
prosoft_technology — icx35-hwc-a_and_icx35-hwc-e |
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior). | 2021-02-26 | not yet calculated | CVE-2021-22661 MISC |
qemu — qemu |
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. | 2021-02-25 | not yet calculated | CVE-2021-20203 MISC MISC |
qualcomm — multiple_snapdragon_products | Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-02-22 | not yet calculated | CVE-2020-11253 CONFIRM |
qualcomm — multiple_snapdragon_products | Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | not yet calculated | CVE-2020-11281 CONFIRM |
qualcomm — multiple_snapdragon_products | Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2021-02-22 | not yet calculated | CVE-2020-11297 CONFIRM |
qualcomm — multiple_snapdragon_products | Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | not yet calculated | CVE-2020-11280 CONFIRM |
qualcomm — multiple_snapdragon_products | Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | not yet calculated | CVE-2020-11271 CONFIRM |
qualcomm — multiple_snapdragon_products | Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | not yet calculated | CVE-2020-11278 CONFIRM |
qualcomm — multiple_snapdragon_products | Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | not yet calculated | CVE-2020-11270 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-02-22 | not yet calculated | CVE-2020-11277 CONFIRM |
qualcomm — multiple_snapdragon_products |
Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2021-02-22 | not yet calculated | CVE-2020-11203 CONFIRM |
qualcomm — multiple_snapdragon_products |
Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-02-22 | not yet calculated | CVE-2020-11272 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | not yet calculated | CVE-2020-11275 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | not yet calculated | CVE-2020-11276 CONFIRM |
qualcomm — multiple_snapdragon_products |
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | not yet calculated | CVE-2020-11198 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | not yet calculated | CVE-2020-11269 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | not yet calculated | CVE-2020-11204 CONFIRM |
qualcomm — multiple_snapdragon_products |
Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-02-22 | not yet calculated | CVE-2020-3664 CONFIRM |
redis — redis |
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways. | 2021-02-26 | not yet calculated | CVE-2021-21309 MISC MISC CONFIRM |
resitfy-paginate | The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception. | 2021-02-25 | not yet calculated | CVE-2020-27543 MISC MISC MISC |
saltstack — salt | In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | 2021-02-27 | not yet calculated | CVE-2020-35662 CONFIRM |
saltstack — salt |
An issue was discovered in SaltStack Salt before 3002.5. The minion’s restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. | 2021-02-27 | not yet calculated | CVE-2020-28243 CONFIRM |
saltstack — salt |
An issue was discovered in SaltStack Salt before 3002.5. The salt-api’s ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. | 2021-02-27 | not yet calculated | CVE-2021-3197 MISC CONFIRM |
saltstack — salt |
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. | 2021-02-27 | not yet calculated | CVE-2021-25284 MISC CONFIRM |
saltstack — salt |
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | 2021-02-27 | not yet calculated | CVE-2020-28972 CONFIRM |
saltstack — salt |
An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. | 2021-02-27 | not yet calculated | CVE-2021-25283 MISC CONFIRM |
saltstack — salt |
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. | 2021-02-27 | not yet calculated | CVE-2021-25282 MISC CONFIRM |
saltstack — salt |
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. | 2021-02-27 | not yet calculated | CVE-2021-25281 MISC CONFIRM MISC |
saltstack — salt |
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. | 2021-02-27 | not yet calculated | CVE-2021-3148 MISC CONFIRM |
saltstack — salt |
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) | 2021-02-27 | not yet calculated | CVE-2021-3144 MISC CONFIRM |
scytl — svote |
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code. | 2021-02-27 | not yet calculated | CVE-2019-25021 MISC |
scytl — svote |
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI. | 2021-02-27 | not yet calculated | CVE-2019-25020 MISC |
scytl — svote |
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation. | 2021-02-27 | not yet calculated | CVE-2019-25022 MISC |
scytl — svote |
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs. | 2021-02-27 | not yet calculated | CVE-2019-25023 MISC |
sercomm — ag_combo_vd625_agsot_devices |
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. | 2021-02-27 | not yet calculated | CVE-2021-27132 MISC MISC |
swift — vapor |
Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited counters and timers, which will eventually drain the system. 2. downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths for to `vapor_route_undefined` to avoid unlimited counters. | 2021-02-26 | not yet calculated | CVE-2021-21328 MISC MISC CONFIRM MISC |
synapse — synapse |
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation. | 2021-02-26 | not yet calculated | CVE-2021-21274 MISC MISC MISC CONFIRM |
synapse — synapse |
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary. | 2021-02-26 | not yet calculated | CVE-2021-21273 MISC MISC MISC CONFIRM |
synology — diskstation_manager | Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. | 2021-02-26 | not yet calculated | CVE-2021-26561 CONFIRM |
synology — diskstation_manager | Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. | 2021-02-26 | not yet calculated | CVE-2021-26562 CONFIRM |
synology — diskstation_manager | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. | 2021-02-26 | not yet calculated | CVE-2021-26565 CONFIRM |
synology — diskstation_manager | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | 2021-02-26 | not yet calculated | CVE-2021-26564 CONFIRM |
synology — diskstation_manager | Use of unmaintained third party components vulnerability in faad in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via a crafted file path. | 2021-02-26 | not yet calculated | CVE-2021-26567 CONFIRM |
synology — diskstation_manager | Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. | 2021-02-26 | not yet calculated | CVE-2021-26566 CONFIRM |
synology — diskstation_manager |
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | 2021-02-26 | not yet calculated | CVE-2021-26560 CONFIRM |
synology — diskstation_manager |
Improper access control vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows local users to obtain sensitive information via a crafted kernel module. | 2021-02-26 | not yet calculated | CVE-2021-26563 CONFIRM |
tpm2 — tpm2 | Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3. | 2021-02-26 | not yet calculated | CVE-2020-24455 CONFIRM CONFIRM CONFIRM |
triconsole — datepicker_calendar |
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents. | 2021-02-25 | not yet calculated | CVE-2021-27330 MISC MISC MISC MISC |
undertow — undertow |
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity. | 2021-02-23 | not yet calculated | CVE-2021-20220 MISC |
visualware — myconnection_server |
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. | 2021-02-19 | not yet calculated | CVE-2021-27509 MISC |
visualware — myconnection_server |
An issue was discovered in Visualware MyConnection Server through 11.0b build 5382. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system. | 2021-02-26 | not yet calculated | CVE-2021-27198 MISC MISC MISC MISC |
vmware — multiple_products |
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution. | 2021-02-24 | not yet calculated | CVE-2021-21974 CONFIRM MISC |
vmware — spring |
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security’s StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing. | 2021-02-23 | not yet calculated | CVE-2021-22113 CONFIRM |
vmware — spring_security | Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application’s intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. | 2021-02-23 | not yet calculated | CVE-2021-22112 MLIST MISC |
vmware — vcenter_server_and_cloud_foundation |
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). | 2021-02-24 | not yet calculated | CVE-2021-21972 CONFIRM |
vmware — vcenter_server_and_cloud_foundation |
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). | 2021-02-24 | not yet calculated | CVE-2021-21973 CONFIRM |
voiceye — wsactivebridgees |
VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-based buffer overflow vulnerability caused by improper bound checking parameter given by attack. It finally leads to a stack-based buffer overflow via access to crafted web page. | 2021-02-24 | not yet calculated | CVE-2020-7836 CONFIRM |
weberp — weberp |
In webERP 4.15, the ManualContents.php file allows users to specify the “Language” parameter, which can lead to local file inclusion. | 2021-02-22 | not yet calculated | CVE-2020-22474 MISC |
zenphoto — zenphoto |
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server’s uploaded/ directory. | 2021-02-26 | not yet calculated | CVE-2020-36079 MISC |
zint — barcode_generator |
ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code. | 2021-02-26 | not yet calculated | CVE-2021-27799 MISC MISC MISC MISC MISC |
zte — zxr10_8900e |
A ZTE product has a memory leak vulnerability. Due to the product’s improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1. | 2021-02-26 | not yet calculated | CVE-2021-21724 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.