Original release date: March 22, 2021
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | 2021-03-12 | 9.3 | CVE-2021-21069 MISC MISC |
adobe — framemaker | Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 9.3 | CVE-2021-21056 MISC MISC |
adobe — photoshop_2020 | Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 9.3 | CVE-2021-21067 MISC |
dell — supportassist_client_promanage | Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. | 2021-03-12 | 7.2 | CVE-2021-21518 CONFIRM |
diesel_project — diesel | An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed. | 2021-03-12 | 7.5 | CVE-2021-28305 MISC |
domainmod — domainmod | DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality. | 2021-03-15 | 7.5 | CVE-2020-35358 MISC |
gnu — gnutls | A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. | 2021-03-12 | 7.5 | CVE-2021-20231 MISC MISC |
gnu — gnutls | A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. | 2021-03-12 | 7.5 | CVE-2021-20232 MISC MISC |
ibm — security_guardium | IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802.. | 2021-03-15 | 7.5 | CVE-2020-4184 XF CONFIRM |
kill-process-by-name_project — kill-process-by-name | This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. | 2021-03-15 | 7.5 | CVE-2021-23356 MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. | 2021-03-15 | 7.2 | CVE-2021-28375 MISC FEDORA FEDORA FEDORA MISC |
mcafee — endpoint_product_removal_tool | Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location. | 2021-03-15 | 7.2 | CVE-2021-23879 CONFIRM |
ps-kill_project — ps-kill | This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC (provided by reporter): var ps_kill = require(‘ps-kill’); ps_kill.kill(‘$(touch success)’,function(){}); | 2021-03-15 | 7.5 | CVE-2021-23355 MISC |
qualcomm — apq8009_firmware | Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-03-17 | 7.5 | CVE-2020-11227 CONFIRM |
rabbitmq — jms_client | JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data. | 2021-03-12 | 7.5 | CVE-2020-36282 MISC MISC MISC MISC |
shopxo — shopxo | A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix. | 2021-03-15 | 7.5 | CVE-2021-27817 MISC MISC |
sonicwall — sma100_firmware | A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a ‘nobody’ user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. | 2021-03-13 | 9 | CVE-2021-20017 CONFIRM |
synology — diskstation_manager | Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | 2021-03-12 | 7.5 | CVE-2021-27646 CONFIRM MISC |
synology — diskstation_manager | Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | 2021-03-12 | 7.5 | CVE-2021-27647 CONFIRM |
zzzcms — zzzphp | A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass. | 2021-03-15 | 7.5 | CVE-2020-24877 MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adaltas — printf | The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /%(?:(([w_.]+))|([1-9]d*)$)?([0 +-]*)(*|d+)?(.)?(*|d+)?[hlL]?([%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity. | 2021-03-12 | 5 | CVE-2021-23354 CONFIRM CONFIRM CONFIRM |
adobe — animate | Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 5.8 | CVE-2021-21073 MISC |
adobe — animate | Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 5.8 | CVE-2021-21072 MISC |
adobe — animate | Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 6.8 | CVE-2021-21071 MISC |
adobe — animate | Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 6.8 | CVE-2021-21077 MISC |
adobe — animate | Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 5.8 | CVE-2021-21074 MISC |
adobe — animate | Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 5.8 | CVE-2021-21075 MISC |
adobe — animate | Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 5.8 | CVE-2021-21076 MISC |
adobe — connect | Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim’s browser when they browse to the page containing the vulnerable field. | 2021-03-12 | 4.3 | CVE-2021-21079 MISC |
adobe — connect | Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim’s browser when they browse to the page containing the vulnerable field. | 2021-03-12 | 4.3 | CVE-2021-21080 MISC |
adobe — connect | Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account. | 2021-03-12 | 6.8 | CVE-2021-21085 MISC |
adobe — creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction | 2021-03-12 | 4.4 | CVE-2021-21078 MISC |
adobe — creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction. | 2021-03-12 | 4.4 | CVE-2021-21068 MISC |
adobe — photoshop | Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-03-12 | 6.8 | CVE-2021-21082 MISC |
canonical — courier-authlib | The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user’s existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash). | 2021-03-15 | 5 | CVE-2021-28374 MISC |
cloudera — data_engineering | In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. | 2021-03-15 | 4 | CVE-2021-3167 MISC MISC MISC |
cryptshare — cryptshare_server | A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1 | 2021-03-15 | 4.3 | CVE-2021-3150 MISC |
dogtagpki — dogtagpki | A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. | 2021-03-15 | 5.5 | CVE-2021-20179 MISC MISC MISC MISC MISC MISC FEDORA FEDORA FEDORA |
eclipse — theia | In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected. | 2021-03-12 | 4.3 | CVE-2021-28161 CONFIRM |
eclipse — theia | In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run. | 2021-03-12 | 4.3 | CVE-2021-28162 CONFIRM |
fltk_project — fltk | An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon. | 2021-03-12 | 5 | CVE-2021-28307 MISC |
fltk_project — fltk | An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of bounds read because the pixmap constructor lacks pixmap input validation. | 2021-03-12 | 6.4 | CVE-2021-28308 MISC |
fltk_project — fltk | An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent. | 2021-03-12 | 5 | CVE-2021-28306 MISC |
getgrav — grav_cms | The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF). | 2021-03-15 | 5.1 | CVE-2020-29553 MISC |
ibm — api_connect | IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536. | 2021-03-15 | 4 | CVE-2021-20440 XF CONFIRM |
ibm — datapower_gateway | IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965. | 2021-03-12 | 5 | CVE-2020-4831 XF CONFIRM |
is-svg_project — is-svg | The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. | 2021-03-12 | 5 | CVE-2021-28092 MISC MISC MISC |
leptonica — leptonica | Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. | 2021-03-12 | 5 | CVE-2020-36281 MISC MISC MISC |
leptonica — leptonica | Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. | 2021-03-12 | 5 | CVE-2020-36278 MISC MISC MISC |
leptonica — leptonica | Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. | 2021-03-12 | 5 | CVE-2020-36279 MISC MISC MISC |
leptonica — leptonica | Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. | 2021-03-12 | 5 | CVE-2020-36280 MISC MISC MISC |
linuxfoundation — argo-cd | An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header. | 2021-03-15 | 4.3 | CVE-2021-26924 MISC MISC |
linuxfoundation — argo-cd | An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication. | 2021-03-15 | 5 | CVE-2021-26923 MISC MISC |
mendix — forgot_password | A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts. | 2021-03-15 | 6.5 | CVE-2021-25672 CONFIRM |
msgpack5_project — msgpack5 | msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a “Prototype Poisoning” vulnerability. When msgpack5 decodes a map containing a key “__proto__”, it assigns the decoded value to __proto__. Object.prototype.__proto__ is an accessor property for the receiver’s prototype. If the value corresponding to the key __proto__ decodes to an object or null, msgpack5 sets the decoded object’s prototype to that value. An attacker who can submit crafted MessagePack data to a service can use this to produce values that appear to be of other types; may have unexpected prototype properties and methods (for example length, numeric properties, and push et al if __proto__’s value decodes to an Array); and/or may throw unexpected exceptions when used (for example if the __proto__ value decodes to a Map or Date). Other unexpected behavior might be produced for other types. There is no effect on the global prototype. This “prototype poisoning” is sort of a very limited inversion of a prototype pollution attack. Only the decoded value’s prototype is affected, and it can only be set to msgpack5 values (though if the victim makes use of custom codecs, anything could be a msgpack5 value). We have not found a way to escalate this to true prototype pollution (absent other bugs in the consumer’s code). This has been fixed in msgpack5 version 3.6.1, 4.5.1, and 5.2.1. See the referenced GitHub Security Advisory for an example and more details. | 2021-03-12 | 6.5 | CVE-2021-21368 MISC MISC MISC MISC CONFIRM MISC |
mybb — mybb | SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3). | 2021-03-15 | 6.5 | CVE-2021-27946 MISC |
mybb — mybb | Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. | 2021-03-15 | 4.3 | CVE-2021-27889 MISC |
mybb — mybb | Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools. | 2021-03-15 | 4.3 | CVE-2021-27949 MISC |
mybb — mybb | SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3). | 2021-03-15 | 6.5 | CVE-2021-27948 MISC |
mybb — mybb | SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3). | 2021-03-15 | 6.5 | CVE-2021-27947 MISC |
myvestacp — myvesta | web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. | 2021-03-15 | 6.8 | CVE-2021-28379 MISC MISC |
ntt-tx — magicconnect | Untrusted search path vulnerability in Installer of MagicConnect Client program distributed before 2021 March 1 allows an attacker to gain privileges and via a Trojan horse DLL in an unspecified directory and to execute arbitrary code with the privilege of the user invoking the installer when a terminal is connected remotely using Remote desktop. | 2021-03-12 | 6.8 | CVE-2021-20674 MISC MISC |
openmaint — openmaint | Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any “Add” sections, such as Add Card Building & Floor, or others in the Name and Code Parameters. | 2021-03-15 | 4.3 | CVE-2021-27695 MISC MISC |
pupnp_project — pupnp | A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash. | 2021-03-12 | 5 | CVE-2021-28302 MISC |
qualcomm — apq8009_firmware | Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-03-17 | 5 | CVE-2020-11226 CONFIRM |
qualcomm — apq8009_firmware | Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-03-17 | 6.4 | CVE-2020-11189 CONFIRM |
qualcomm — apq8009_firmware | Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-03-17 | 6.4 | CVE-2020-11190 CONFIRM |
qualcomm — apq8017_firmware | Buffer over read while processing MT SMS with maximum length due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile | 2021-03-17 | 6.4 | CVE-2020-11222 CONFIRM |
qualcomm — apq8017_firmware | Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-03-17 | 5 | CVE-2020-11218 CONFIRM |
qualcomm — aqt1000_firmware | Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2021-03-17 | 4.6 | CVE-2020-11228 CONFIRM |
qualcomm — aqt1000_firmware | While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2021-03-17 | 4.4 | CVE-2020-11220 CONFIRM |
qualcomm — aqt1000_firmware | Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-03-17 | 4.4 | CVE-2020-11230 CONFIRM |
siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset. | 2021-03-15 | 4.9 | CVE-2020-25236 CONFIRM |
siemens — ruggedcom_rm1224_firmware | A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. | 2021-03-15 | 5 | CVE-2021-25676 CONFIRM |
siemens — ruggedcom_rm1224_firmware | A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3), SCALANCE M-800 (All versions >= V4.3), SCALANCE S615 (All versions >= V4.3), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE X300WG (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XR500 (All versions < V6.2), SCALANCE Xx200 Family (All versions < V4.1). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active. | 2021-03-15 | 5.8 | CVE-2021-25667 CONFIRM |
siemens — simatic_mv440_sr_firmware | A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions. | 2021-03-15 | 5 | CVE-2020-25241 CONFIRM |
siemens — simatic_s7-plcsim | A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, the application could enter an infinite loop, become unresponsive and must be restarted to restore the service. | 2021-03-15 | 4.9 | CVE-2021-25673 CONFIRM |
siemens — sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unpriviledged users can access services when guessing the url. An attacker could impact availability, integrity and gain information from logs and templates of the service. | 2021-03-15 | 6.5 | CVE-2020-25240 CONFIRM |
siemens — sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivilege user rights. | 2021-03-15 | 6.5 | CVE-2020-25239 CONFIRM |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532) | 2021-03-15 | 6.8 | CVE-2021-27380 CONFIRM |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12534) | 2021-03-15 | 6.8 | CVE-2021-27381 CONFIRM |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049) | 2021-03-15 | 6.8 | CVE-2020-28385 CONFIRM |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923) | 2021-03-15 | 4.3 | CVE-2020-28387 CONFIRM |
sonicwall — sma100_firmware | A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. | 2021-03-13 | 4 | CVE-2021-20018 CONFIRM |
spdk — storage_performance_development_kit | An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference. | 2021-03-13 | 5 | CVE-2021-28361 MISC |
ssri_project — ssri | ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. | 2021-03-12 | 4.3 | CVE-2021-27290 MISC MISC MISC |
synology — diskstation_manager | Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | 2021-03-12 | 6.8 | CVE-2021-26569 CONFIRM MISC |
tt-rss — tiny_tiny_rss | The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear to exist, but are automatically generated from the year and month. They are not releases. | 2021-03-13 | 5 | CVE-2021-28373 MISC MISC |
tyk — tyk | All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this value is then used to create a file on disk. If there is a file found with the same name then it will be deleted and then re-created with the contents of the API creation request. | 2021-03-15 | 4.6 | CVE-2021-23357 MISC MISC |
xilinx — zynq-7000s_firmware | When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification to the Zynq-7000 device is needed to replace the original nand flash memory with a nand flash emulator for this attack to be successful. | 2021-03-15 | 4.6 | CVE-2021-27208 MISC MISC MISC |
zohocorp — manageengine_servicedesk_plus | Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). | 2021-03-13 | 6.5 | CVE-2020-35682 MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
gitea — gitea | Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations. | 2021-03-15 | 3.5 | CVE-2021-28378 MISC MISC |
qualcomm — apq8009_firmware | HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-03-17 | 2.1 | CVE-2020-11199 CONFIRM |
qualcomm — apq8009_firmware | Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-03-17 | 2.1 | CVE-2020-11221 CONFIRM |
siemens — simatic_s7-plcsim | A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer deference condition could cause the application to terminate unexpectedly and must be restarted to restore the service. | 2021-03-15 | 2.1 | CVE-2021-25674 CONFIRM |
siemens — simatic_s7-plcsim | A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly and must be restarted to restore the service. | 2021-03-15 | 2.1 | CVE-2021-25675 CONFIRM |
zte — zxone_9700_firmware | Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set> | 2021-03-12 | 2.1 | CVE-2021-21726 MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordpress — wordpress | Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks. | 2021-03-18 | not yet calculated | CVE-2021-24141 CONFIRM |
acexy — wireless-n_wifi_repeater_rev_1.0 |
Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page (“Repeater Wizard” homepage section). | 2021-03-18 | not yet calculated | CVE-2021-28160 MISC MISC |
advantech — spectra_rt_ert351_routers | Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. | 2021-03-17 | not yet calculated | CVE-2019-18235 MISC MISC |
advantech — spectra_rt_ert351_routers | In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. | 2021-03-17 | not yet calculated | CVE-2019-18233 MISC MISC |
advantech — spectra_rt_ert351_routers |
Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request. | 2021-03-17 | not yet calculated | CVE-2019-18231 MISC MISC |
advantech — webaccess/scada |
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | 2021-03-18 | not yet calculated | CVE-2021-27436 MISC |
aimeos — aimeos |
The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account. | 2021-03-16 | not yet calculated | CVE-2021-28380 MISC |
apache — ambari |
In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | 2021-03-17 | not yet calculated | CVE-2020-13924 CONFIRM |
apache — hive |
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8 | 2021-03-16 | not yet calculated | CVE-2020-1926 CONFIRM CONFIRM |
apache — openmeetings |
If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0 | 2021-03-15 | not yet calculated | CVE-2021-27576 CONFIRM |
apache — pdfbox |
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | 2021-03-19 | not yet calculated | CVE-2021-27906 MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST CONFIRM MLIST |
apache — pdfbox |
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | 2021-03-19 | not yet calculated | CVE-2021-27807 MLIST MLIST MLIST MLIST MLIST MLIST CONFIRM MLIST MLIST MLIST MLIST MLIST |
apicast — apicast |
A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue. | 2021-03-18 | not yet calculated | CVE-2019-14852 MISC |
busybox — busybox |
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | 2021-03-19 | not yet calculated | CVE-2021-28831 MISC |
cairo — image-compositor |
A flaw was found in cairo’s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo’s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. | 2021-03-18 | not yet calculated | CVE-2020-35492 MISC |
cisco — rv134W_vdsl2_wireless-ac_vpn_routers |
A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. | 2021-03-18 | not yet calculated | CVE-2021-1287 CISCO |
concrete — cms |
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. | 2021-03-18 | not yet calculated | CVE-2021-28145 CONFIRM MISC |
cybozu — office | Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20626 MISC MISC |
cybozu — office | Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20634 MISC MISC |
cybozu — office | Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox. | 2021-03-18 | not yet calculated | CVE-2021-20628 MISC MISC |
cybozu — office | Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20632 MISC MISC |
cybozu — office |
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20627 MISC MISC |
cybozu — office |
Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20629 MISC MISC |
cybozu — office |
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20624 MISC MISC |
cybozu — office |
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20625 MISC MISC |
cybozu — office |
Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20630 MISC MISC |
cybozu — office |
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20631 MISC MISC |
cybozu — office |
Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20633 MISC MISC |
eic — e-document_system | EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends. | 2021-03-17 | not yet calculated | CVE-2021-22860 CONFIRM CONFIRM CONFIRM |
eic — e-document_system |
The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege. | 2021-03-17 | not yet calculated | CVE-2021-22859 CONFIRM CONFIRM CONFIRM |
eslint-fixer — eslint-fixer |
** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted. | 2021-03-19 | not yet calculated | CVE-2021-26275 MISC MISC |
exacq_technologies — exacqvision |
A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system. | 2021-03-18 | not yet calculated | CVE-2021-27656 CERT CONFIRM |
expressionengine — expressionengine |
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. | 2021-03-15 | not yet calculated | CVE-2021-27230 MISC MISC MISC MISC MISC |
fabric8 — kubernetes-client |
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2 | 2021-03-16 | not yet calculated | CVE-2021-20218 MISC MISC |
faststone — image_viewer | FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | 2021-03-18 | not yet calculated | CVE-2021-26235 MISC |
faststone — image_viewer |
FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, ‘BitCount’ file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file. | 2021-03-18 | not yet calculated | CVE-2021-26236 MISC MISC MISC |
faststone — image_viewer |
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | 2021-03-18 | not yet calculated | CVE-2021-26234 MISC |
faststone — image_viewer |
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | 2021-03-18 | not yet calculated | CVE-2021-26233 MISC |
faststone — image_viewer |
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | 2021-03-18 | not yet calculated | CVE-2021-26237 MISC |
fedoraproject — fedora |
Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode), Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the active consent of the user. By default, elementary OS doesn’t expose any services via Bluetooth that allow information to be extracted by paired Bluetooth devices. However, if such services (i.e. contact list sharing software) have been installed, it’s possible that attackers have been able to extract data from such services without authorization. If no such services have been installed, attackers are only able to pair with a device running an affected version without authorization and then play audio out of the device or possibly present a HID device (keyboard, mouse, etc…) to control the device. As such, users should check the list of trusted/paired devices and remove any that are not 100% confirmed to be genuine. This is fixed in version 2.3.5. To reduce the likelihood of this vulnerability on an unpatched version, only open the Bluetooth plug for short intervals when absolutely necessary and preferably not in crowded public areas. To mitigate the risk entirely with unpatched versions, do not open the Bluetooth plug within switchboard at all, and use a different method for pairing devices if necessary (e.g. `bluetoothctl` CLI). | 2021-03-12 | not yet calculated | CVE-2021-21367 MISC MISC CONFIRM FEDORA FEDORA FEDORA |
fedoraproject — glib |
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file’s parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241. | 2021-03-17 | not yet calculated | CVE-2021-28650 MISC FEDORA |
fluxbb — fluxbb |
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server. | 2021-03-17 | not yet calculated | CVE-2020-28873 MISC MISC |
ftapi — ftapi |
FTAPI 4.0 – 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component. | 2021-03-19 | not yet calculated | CVE-2021-25277 MISC MISC |
ftapi — ftapi |
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor. | 2021-03-19 | not yet calculated | CVE-2021-25278 MISC MISC |
fudforum — fudforum |
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the “author” parameter. | 2021-03-19 | not yet calculated | CVE-2021-27520 MISC |
fudforum — fudforum |
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the “srch” parameter. | 2021-03-19 | not yet calculated | CVE-2021-27519 MISC |
fujitsu — serverview_suite_irmc |
Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages. | 2021-03-17 | not yet calculated | CVE-2020-17457 CONFIRM MISC |
google — chrome | Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-03-16 | not yet calculated | CVE-2021-21192 MISC MISC |
google — chrome |
Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-03-16 | not yet calculated | CVE-2021-21191 MISC MISC |
google — chrome |
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-03-16 | not yet calculated | CVE-2021-21193 MISC MISC |
grafana — grafana |
The snapshot feature in Grafana before 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. | 2021-03-18 | not yet calculated | CVE-2021-27358 CONFIRM CONFIRM |
grav — grav_cms |
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) | 2021-03-15 | not yet calculated | CVE-2020-29555 MISC |
grav — grav_cms |
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) | 2021-03-15 | not yet calculated | CVE-2020-29556 MISC |
hamilton_medical — t1-ventillators | In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface’s logs to get valid checksums for tampered configuration files. | 2021-03-15 | not yet calculated | CVE-2020-27290 MISC |
hamilton_medical — t1-ventillators |
In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files. | 2021-03-15 | not yet calculated | CVE-2020-27282 MISC |
hamilton_medical — t1-ventillators |
In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface. | 2021-03-15 | not yet calculated | CVE-2020-27278 MISC |
hgiga — mailsherlock |
HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege. | 2021-03-18 | not yet calculated | CVE-2021-22848 MISC |
http-proxy-agent — http-proxy-agent |
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. | 2021-03-19 | not yet calculated | CVE-2019-10196 MISC MISC |
ibm — resillent_soar |
IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. | 2021-03-19 | not yet calculated | CVE-2020-4635 XF CONFIRM |
ibm — spectrum_scale | IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450. | 2021-03-16 | not yet calculated | CVE-2020-4851 XF CONFIRM |
ibm — spectrum_scale | IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973. | 2021-03-16 | not yet calculated | CVE-2020-4890 XF CONFIRM |
ibm — spectrum_scale |
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974. | 2021-03-16 | not yet calculated | CVE-2020-4891 XF CONFIRM |
it-recht — kanzlei |
The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection. | 2021-03-19 | not yet calculated | CVE-2020-6577 MISC MISC |
jenkins — jenkins | Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 2021-03-18 | not yet calculated | CVE-2021-21626 MLIST CONFIRM |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. | 2021-03-18 | not yet calculated | CVE-2021-21627 MLIST CONFIRM |
jenkins — jenkins |
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances. | 2021-03-18 | not yet calculated | CVE-2021-21625 MLIST CONFIRM |
jenkins — jenkins |
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | 2021-03-18 | not yet calculated | CVE-2021-21624 MLIST CONFIRM |
jenkins — jenkins |
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | 2021-03-18 | not yet calculated | CVE-2021-21623 MLIST CONFIRM |
jetbrains — phpstorm |
In JetBrains PhpStorm before 2020.3, source code could be added to debug logs. | 2021-03-18 | not yet calculated | CVE-2021-25764 MISC MISC |
kde — kde |
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) | 2021-03-20 | not yet calculated | CVE-2021-28117 MISC CONFIRM CONFIRM MISC |
kong — gateway |
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT. | 2021-03-18 | not yet calculated | CVE-2021-27306 MISC MISC |
kramdown — kramdown |
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. | 2021-03-19 | not yet calculated | CVE-2021-28834 MISC MISC MISC |
libnbd — libnbd |
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service. | 2021-03-15 | not yet calculated | CVE-2021-20286 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. | 2021-03-20 | not yet calculated | CVE-2020-27171 MISC MISC MISC |
linux — linux_kernel
|
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. | 2021-03-20 | not yet calculated | CVE-2021-28951 MISC |
linux — linux_kernel |
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A “stall on CPU” can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. | 2021-03-20 | not yet calculated | CVE-2021-28950 MISC MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) | 2021-03-20 | not yet calculated | CVE-2021-28952 MISC MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. | 2021-03-20 | not yet calculated | CVE-2020-27170 MISC MISC MISC |
linux — linux_kernel |
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. | 2021-03-17 | not yet calculated | CVE-2021-28660 MISC FEDORA |
m-system — dl8_series |
M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to bypass access restriction and conduct prohibited operations via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20676 MISC MISC |
m-system — dl8_series |
M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to cause a denial of service (DoS) condition via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20675 MISC MISC |
mariadb — mariadb |
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. | 2021-03-19 | not yet calculated | CVE-2021-27928 MISC MISC MISC MISC MISC MISC |
mediainfo — medianinfo |
Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. | 2021-03-18 | not yet calculated | CVE-2020-26797 MISC |
mikrotik — routeros |
** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor’s position is that this is intended behavior because of how user policies work. | 2021-03-19 | not yet calculated | CVE-2021-27221 MISC |
minio — minio |
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk + thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround one can avoid using “aws-chunked” encoding-based chunk signature upload requests instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS. | 2021-03-19 | not yet calculated | CVE-2021-21390 MISC MISC CONFIRM |
moodle — moodle | The web service responsible for fetching other users’ enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 2021-03-15 | not yet calculated | CVE-2021-20283 MISC FEDORA MISC |
moodle — moodle | When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 2021-03-15 | not yet calculated | CVE-2021-20282 MISC FEDORA MISC |
moodle — moodle | Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 2021-03-15 | not yet calculated | CVE-2021-20280 MISC FEDORA MISC |
moodle — moodle |
A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role. | 2021-03-19 | not yet calculated | CVE-2019-14828 MISC |
moodle — moodle |
A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum’s subscription mode was set to “forced subscription”, the forum’s subscribe link contained an open redirect. | 2021-03-19 | not yet calculated | CVE-2019-14831 MISC MISC |
moodle — moodle |
It was possible for some users without permission to view other users’ full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 2021-03-15 | not yet calculated | CVE-2021-20281 MISC FEDORA MISC |
moodle — moodle |
A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user’s mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is “via the app”). | 2021-03-19 | not yet calculated | CVE-2019-14830 MISC MISC |
moodle — moodle |
A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode. | 2021-03-19 | not yet calculated | CVE-2019-14829 MISC MISC |
moodle — moodle |
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 2021-03-15 | not yet calculated | CVE-2021-20279 MISC FEDORA MISC |
mvfst — mvfst |
A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00. | 2021-03-15 | not yet calculated | CVE-2021-24029 CONFIRM CONFIRM |
mybb — mybb |
SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files. | 2021-03-15 | not yet calculated | CVE-2021-27890 MISC |
mydbr — mydbr |
myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS. | 2021-03-15 | not yet calculated | CVE-2020-28149 MISC |
nats — server_and_jwt_library |
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. | 2021-03-16 | not yet calculated | CVE-2021-3127 MISC |
nbdkit — nbdkit |
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side. | 2021-03-18 | not yet calculated | CVE-2019-14850 MISC MISC |
nbdkit — nbdkit |
A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1. | 2021-03-18 | not yet calculated | CVE-2019-14851 MISC MISC |
nessus — agent |
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. | 2021-03-19 | not yet calculated | CVE-2021-20077 MISC |
netapp — cloud_manager |
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). | 2021-03-19 | not yet calculated | CVE-2021-26992 MISC |
netapp — cloud_manager |
Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. | 2021-03-19 | not yet calculated | CVE-2021-26991 MISC |
netapp — cloud_manager |
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. | 2021-03-19 | not yet calculated | CVE-2021-26990 MISC |
netapp — multiple_products |
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. | 2021-03-15 | not yet calculated | CVE-2021-26987 CONFIRM |
openshift — builder | A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before. | 2021-03-16 | not yet calculated | CVE-2021-3344 MISC |
openshift — container_platform |
A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high. | 2021-03-19 | not yet calculated | CVE-2019-10200 MISC MISC |
openshift — container_platform |
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn’t sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files. | 2021-03-19 | not yet calculated | CVE-2019-10225 MISC |
openvswitch — openvswitch |
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | 2021-03-18 | not yet calculated | CVE-2020-27827 MISC MISC |
ovation — dynamic_content |
Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter. | 2021-03-19 | not yet calculated | CVE-2021-3327 MISC MISC |
paid_memberships_pro — paid_memberships_pro |
SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 2021-03-18 | not yet calculated | CVE-2021-20678 MISC MISC MISC |
patchmerge — patchmerge |
Prototype pollution vulnerability in ‘patchmerge’ versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | 2021-03-16 | not yet calculated | CVE-2021-25916 MISC MISC |
pillow — pillow |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. | 2021-03-19 | not yet calculated | CVE-2021-25291 MISC |
pillow — pillow |
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | 2021-03-19 | not yet calculated | CVE-2021-25289 MISC |
pillow — pillow |
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. | 2021-03-19 | not yet calculated | CVE-2021-25293 MISC |
pillow — pillow |
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | 2021-03-19 | not yet calculated | CVE-2021-25292 MISC |
pillow — pillow |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | 2021-03-19 | not yet calculated | CVE-2021-25290 MISC |
pion — webrtc |
Pion WebRTC before 3.0.15 didn’t properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn’t allow the user to continue if verification has failed.) | 2021-03-18 | not yet calculated | CVE-2021-28681 MISC MISC |
port-killer — port-killer |
This affects all versions of package port-killer. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. | 2021-03-18 | not yet calculated | CVE-2021-23359 MISC MISC |
portainer — portainer |
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover. | 2021-03-16 | not yet calculated | CVE-2020-24264 MISC |
portainer — portainer |
Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. | 2021-03-16 | not yet calculated | CVE-2020-24263 MISC |
postgresql — postgresql | A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. | 2021-03-19 | not yet calculated | CVE-2019-10128 MISC MISC |
postgresql — postgresql |
A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files. | 2021-03-19 | not yet calculated | CVE-2019-10127 MISC MISC |
pulse_secure — psa5000_and_psa7000_models |
A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device. | 2021-03-16 | not yet calculated | CVE-2021-22887 MISC MISC |
pygments — pygments |
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | 2021-03-17 | not yet calculated | CVE-2021-27291 MISC MISC MLIST |
qemu — qemu |
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. | 2021-03-18 | not yet calculated | CVE-2021-3416 MISC MISC |
qiita — markdown |
Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. | 2021-03-18 | not yet calculated | CVE-2021-28796 MISC |
quadbase — espressreports |
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads. | 2021-03-15 | not yet calculated | CVE-2020-24985 MISC |
quadbase — expressdashboard |
An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account. | 2021-03-15 | not yet calculated | CVE-2020-24982 MISC |
qualcomm — multiple_snapdragon_products | Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-03-17 | not yet calculated | CVE-2020-11188 CONFIRM |
qualcomm — multiple_snapdragon_products | Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2021-03-17 | not yet calculated | CVE-2020-11186 CONFIRM |
qualcomm — multiple_snapdragon_products | Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2021-03-17 | not yet calculated | CVE-2020-11308 CONFIRM |
qualcomm — multiple_snapdragon_products | Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-03-17 | not yet calculated | CVE-2020-11192 CONFIRM |
qualcomm — multiple_snapdragon_products |
Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-03-17 | not yet calculated | CVE-2020-11166 CONFIRM |
qualcomm — multiple_snapdragon_products |
Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-03-17 | not yet calculated | CVE-2020-11309 CONFIRM |
qualcomm — multiple_snapdragon_products |
Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-03-17 | not yet calculated | CVE-2020-11171 CONFIRM |
qualcomm — multiple_snapdragon_products |
Integer overflow in boot due to improper length check on arguments received in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | 2021-03-17 | not yet calculated | CVE-2020-11305 CONFIRM |
qualcomm — multiple_snapdragon_products |
Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-03-17 | not yet calculated | CVE-2020-11299 CONFIRM |
qualcomm — multiple_snapdragon_products |
Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2021-03-17 | not yet calculated | CVE-2020-11290 CONFIRM |
red_hat — quay | A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user’s container repository. Red Hat Quay 2 and 3 are vulnerable to this issue. | 2021-03-18 | not yet calculated | CVE-2019-3867 MISC |
red_hat — red_hat |
It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue. | 2021-03-16 | not yet calculated | CVE-2019-3897 MISC |
red_hat — red_hat |
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism. | 2021-03-15 | not yet calculated | CVE-2021-3418 MISC |
redash — redash |
Redash 8.0.0 is affected by LDAP Injection. There is an authentication bypass and information leak through the crafting of special queries, escaping the provided template because the ldap_user = auth_ldap_user(request.form[“email”], request.form[“password”]) auth_ldap_user(username, password) settings.LDAP_SEARCH_TEMPLATE % {“username”: username} code lacks sanitization. | 2021-03-18 | not yet calculated | CVE-2020-36144 MISC MISC |
rockwell_automation — drivetools_sp |
Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system. | 2021-03-18 | not yet calculated | CVE-2021-22665 MISC MISC |
rockwell_automation — factorytalk_services_platform |
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly. | 2021-03-18 | not yet calculated | CVE-2020-14516 MISC |
schema-inspector — schema-inspector |
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn’t vulnerable to ReDoS. | 2021-03-19 | not yet calculated | CVE-2021-21267 MISC CONFIRM MISC |
seeddms — seeddms |
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php. | 2021-03-18 | not yet calculated | CVE-2021-26215 MISC MISC |
seeddms — seeddms |
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php. | 2021-03-18 | not yet calculated | CVE-2021-26216 MISC MISC |
seo — panel | The “order_col” parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | 2021-03-18 | not yet calculated | CVE-2021-28419 MISC |
seo — panel |
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the “search_name” parameter. | 2021-03-18 | not yet calculated | CVE-2021-28417 MISC |
seo — panel |
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the “category” parameter. | 2021-03-18 | not yet calculated | CVE-2021-28418 MISC |
seo — panel |
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the “from_time” parameter. | 2021-03-18 | not yet calculated | CVE-2021-28420 MISC |
shadow — shadow |
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM’s nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. | 2021-03-17 | not yet calculated | CVE-2017-20002 MISC MISC MLIST |
shescape — shescape |
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required. | 2021-03-19 | not yet calculated | CVE-2021-21384 MISC MISC CONFIRM MISC |
silverstripe — silberstripe_cms |
A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL. | 2021-03-16 | not yet calculated | CVE-2021-27938 MISC CONFIRM |
softaculous — softaculous |
Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host. | 2021-03-18 | not yet calculated | CVE-2020-26886 MISC MISC MISC |
sourcecodester — onlineordering | Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure. | 2021-03-16 | not yet calculated | CVE-2021-28295 MISC |
sourcecodester — onlineordering |
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE). | 2021-03-16 | not yet calculated | CVE-2021-28294 MISC |
squid — squid |
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. | 2021-03-19 | not yet calculated | CVE-2020-25097 MISC MISC MISC |
ssh — tectica_client_and_server |
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected. | 2021-03-15 | not yet calculated | CVE-2021-27893 MISC |
ssh — tectica_client_and_server |
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected. | 2021-03-15 | not yet calculated | CVE-2021-27892 MISC |
ssh — tectica_client_and_server |
SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected. | 2021-03-15 | not yet calculated | CVE-2021-27891 MISC |
stackstorm — stackstorm |
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name). | 2021-03-18 | not yet calculated | CVE-2021-28667 MISC |
stormshield — network_security |
In Stormshield Network Security (SNS) 1.0 through 4.2.0, the parsing of some malformed files can lead to the crash of ClamAV service causing a Denial of Service. | 2021-03-19 | not yet calculated | CVE-2021-27506 CONFIRM |
subversion — mod_authz_svn |
Subversion’s mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7 | 2021-03-17 | not yet calculated | CVE-2020-17525 MISC |
swift — development_environment |
The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite, swift.path.sourcekiteDockerMode, swift.path.swift_driver_bin, or swift.path.shell configuration value that triggers execution upon opening the workspace. | 2021-03-18 | not yet calculated | CVE-2021-28792 MISC |
taidii — diibear |
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage. | 2021-03-17 | not yet calculated | CVE-2020-35455 MISC MISC |
taidii — diibear |
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration. | 2021-03-17 | not yet calculated | CVE-2020-35454 MISC MISC |
taidii — diibear |
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging. | 2021-03-17 | not yet calculated | CVE-2020-35456 MISC MISC |
tor_project — tor | Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. | 2021-03-19 | not yet calculated | CVE-2021-28090 CONFIRM CONFIRM MISC |
tor_project — tor | Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. | 2021-03-19 | not yet calculated | CVE-2021-28089 CONFIRM MISC |
tranzware — e-commerce_payment_gateway |
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. | 2021-03-19 | not yet calculated | CVE-2021-28110 MISC |
tranzware — e-commerce_payment_gateway |
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability | 2021-03-19 | not yet calculated | CVE-2021-28126 MISC |
tranzware — fimi |
TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS). | 2021-03-19 | not yet calculated | CVE-2021-28109 MISC MISC |
ua-parser-js — ua-parser-js |
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time. | 2021-03-17 | not yet calculated | CVE-2021-27292 MISC MISC MISC |
unisys — stealth |
In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration. | 2021-03-18 | not yet calculated | CVE-2021-3141 MISC |
urlib3 — urlib3 |
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn’t given via proxy_config) doesn’t verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. | 2021-03-15 | not yet calculated | CVE-2021-28363 CONFIRM MISC CONFIRM CONFIRM |
utimaco — securityserver |
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack. | 2021-03-18 | not yet calculated | CVE-2020-26155 MISC MISC |
varnish — varnish-modules |
Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers. | 2021-03-16 | not yet calculated | CVE-2021-28543 FEDORA MISC |
vhs — vhs |
The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper. | 2021-03-16 | not yet calculated | CVE-2021-28381 MISC |
visual_code_studio — visual_code_studio | The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath. | 2021-03-18 | not yet calculated | CVE-2021-28794 MISC MISC |
visual_code_studio — visual_code_studio |
The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace. | 2021-03-18 | not yet calculated | CVE-2021-28791 MISC |
visual_code_studio — visual_code_studio |
The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace. | 2021-03-18 | not yet calculated | CVE-2021-28790 MISC |
visual_code_studio — visual_code_studio |
The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace. | 2021-03-18 | not yet calculated | CVE-2021-28789 MISC |
western_digital — g-technology_armorlock_nvme |
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware. | 2021-03-19 | not yet calculated | CVE-2021-28653 MISC |
wiki.js — wiki.js |
Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `<pre>` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `<pre>` tags during the render. | 2021-03-18 | not yet calculated | CVE-2021-21383 MISC MISC CONFIRM |
wireshark — wireshark |
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. | 2021-03-15 | not yet calculated | CVE-2021-22191 CONFIRM MISC MISC |
wordpress — wordpress | Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue. | 2021-03-18 | not yet calculated | CVE-2021-24149 CONFIRM |
wordpress — wordpress | Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+). | 2021-03-18 | not yet calculated | CVE-2021-24131 CONFIRM |
wordpress — wordpress | The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if “Role Options” is turn on for other users) to perform a SQL Injection attacks. | 2021-03-18 | not yet calculated | CVE-2021-24132 CONFIRM |
wordpress — wordpress | Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed. | 2021-03-18 | not yet calculated | CVE-2021-24134 CONFIRM |
wordpress — wordpress | Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation. | 2021-03-18 | not yet calculated | CVE-2021-24127 CONFIRM |
wordpress — wordpress | Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML. | 2021-03-18 | not yet calculated | CVE-2021-24135 CONFIRM |
wordpress — wordpress | Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation. | 2021-03-18 | not yet calculated | CVE-2021-24126 CONFIRM |
wordpress — wordpress | Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: – Author – Job Title – Location – Company – Email – URL | 2021-03-18 | not yet calculated | CVE-2021-24136 CONFIRM |
wordpress — wordpress | Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands. | 2021-03-18 | not yet calculated | CVE-2021-24137 CONFIRM |
wordpress — wordpress | Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter. | 2021-03-18 | not yet calculated | CVE-2021-24139 CONFIRM |
wordpress — wordpress | Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=’ or sleep(5)#&type=test. | 2021-03-18 | not yet calculated | CVE-2021-24140 CONFIRM |
wordpress — wordpress | Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. | 2021-03-18 | not yet calculated | CVE-2021-24143 CONFIRM |
wordpress — wordpress | Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the ‘text/csv’ content-type in the request. | 2021-03-18 | not yet calculated | CVE-2021-24145 CONFIRM |
wordpress — wordpress | A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. | 2021-03-18 | not yet calculated | CVE-2021-24148 CONFIRM |
wordpress — wordpress |
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE. | 2021-03-18 | not yet calculated | CVE-2021-24123 CONFIRM |
wordpress — wordpress |
Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the ‘Description/biography’ of a member. | 2021-03-18 | not yet calculated | CVE-2021-24128 CONFIRM |
wordpress — wordpress |
Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown could lead to privileged escalation. | 2021-03-18 | not yet calculated | CVE-2021-24124 CONFIRM |
wordpress — wordpress |
Unvalidated input in the Contact Form Submissions WordPress plugin, versions 1.6.4 and before, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+) | 2021-03-18 | not yet calculated | CVE-2021-24125 CONFIRM |
wordpress — wordpress |
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation. | 2021-03-18 | not yet calculated | CVE-2021-24129 CONFIRM |
wordpress — wordpress |
Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+). | 2021-03-18 | not yet calculated | CVE-2021-24130 CONFIRM |
wordpress — wordpress |
Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker’s account. | 2021-03-18 | not yet calculated | CVE-2021-24133 CONFIRM |
wordpress — wordpress |
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param “id”. This requires an admin privileged user. | 2021-03-18 | not yet calculated | CVE-2021-24138 CONFIRM |
wordpress — wordpress |
Unvaludated input in the 301 Redirects – Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its “Redirect From” column when importing a CSV file, allowing high privilege users to perform SQL injections. | 2021-03-18 | not yet calculated | CVE-2021-24142 CONFIRM |
wordpress — wordpress |
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. | 2021-03-18 | not yet calculated | CVE-2021-24144 CONFIRM |
wordpress — wordpress |
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example. | 2021-03-18 | not yet calculated | CVE-2021-24146 CONFIRM |
wordpress — wordpress |
Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting payload in them, which will be triggered in the frontend when viewing the event. | 2021-03-18 | not yet calculated | CVE-2021-24147 CONFIRM |
wowonder — wowonder |
In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter. | 2021-03-18 | not yet calculated | CVE-2021-26935 MISC MISC |
wrongthink — wrongthink |
Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0. | 2021-03-19 | not yet calculated | CVE-2021-21387 CONFIRM |
zen — cart |
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php. | 2021-03-19 | not yet calculated | CVE-2020-6578 MISC MISC |
zoho — manageengine_desktop_central |
The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITYSYSTEM. | 2021-03-18 | not yet calculated | CVE-2020-9367 CONFIRM |
zoom — zoom |
Zoom through 5.5.4 sometimes allows attackers to read private information on a participant’s screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue. | 2021-03-18 | not yet calculated | CVE-2021-28133 FULLDISC MISC MISC MISC MISC MISC |
zyxel — lte4506-m606_v1.00_devices |
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network. | 2021-03-16 | not yet calculated | CVE-2020-28899 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.