US-CERT Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Original release date: April 19, 2021

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
dreamreport — dream_report A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. 2021-04-09 7.2 CVE-2020-13532
MISC
fluidsynth — fluidsynth FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/fluid_sffile.c that can result in arbitrary code execution or a denial of service (DoS) if a malicious soundfont2 file is loaded into a fluidsynth library. 2021-04-13 7.5 CVE-2021-28421
MISC
MISC
google — android In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-178725766 2021-04-13 10 CVE-2021-0430
MISC
indionetworks — unibox_u50_firmware Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device. 2021-04-09 9.3 CVE-2020-21884
MISC
MISC
MISC
indionetworks — unibox_u50_firmware Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover. 2021-04-09 9 CVE-2020-21883
MISC
MISC
MISC
microsoft — exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. 2021-04-13 10 CVE-2021-28480
MISC
microsoft — exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28482, CVE-2021-28483. 2021-04-13 10 CVE-2021-28481
MISC
microsoft — exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483. 2021-04-13 9 CVE-2021-28482
MISC
microsoft — exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28482. 2021-04-13 7.7 CVE-2021-28483
MISC
microsoft — windows_10 Azure AD Web Sign-in Security Feature Bypass Vulnerability 2021-04-13 7.5 CVE-2021-27092
MISC
microsoft — windows_10 Windows Hyper-V Denial of Service Vulnerability 2021-04-13 7.8 CVE-2021-26416
MISC
online_book_store_project — online_book_store SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. 2021-04-09 7.5 CVE-2020-23763
MISC
MISC
openclinic_ga_project — openclinic_ga An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-04-13 7.5 CVE-2020-27236
MISC
openclinic_ga_project — openclinic_ga An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-04-13 7.5 CVE-2020-27235
MISC
openclinic_ga_project — openclinic_ga An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-04-13 7.5 CVE-2020-27234
MISC
openclinic_ga_project — openclinic_ga An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-04-13 7.5 CVE-2020-27233
MISC
rust-lang — rust In the standard library in Rust before 1.53.0, a double free can occur in the Vec::from_iter function if freeing the element panics. 2021-04-14 7.5 CVE-2021-31162
MISC
MISC
sonicwall — email_security A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. 2021-04-09 7.5 CVE-2021-20021
CONFIRM
sonicwall — global_management_system A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. 2021-04-10 10 CVE-2021-20020
CONFIRM
trendmicro — apex_one An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-04-13 7.2 CVE-2021-25250
N/A
N/A
N/A
trendmicro — apex_one An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-04-13 7.2 CVE-2021-25253
N/A
N/A
N/A
trendmicro — apex_one An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-04-13 7.2 CVE-2021-28645
N/A
N/A
N/A
windriver — vxworks An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client. 2021-04-13 7.5 CVE-2021-29998
MISC
windriver — vxworks An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server. 2021-04-13 7.5 CVE-2021-29999
MISC
zerof — expert The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection via the Authorization header to the /v2/devices/add endpoint. 2021-04-13 7.5 CVE-2021-30176
MISC
MISC
zerof — web_server ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page. 2021-04-13 7.5 CVE-2021-30175
MISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
accessally — accessally In the AccessAlly WordPress plugin before 3.5.7, the file “resource/frontend/product/product-shortcode.php” responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required. 2021-04-12 5 CVE-2021-24226
CONFIRM
atlassian — data_center The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. 2021-04-09 5 CVE-2020-36287
MISC
dreamreport — dream_report A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. 2021-04-09 6.8 CVE-2020-13534
MISC
dreamreport — dream_report A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. 2021-04-09 4.4 CVE-2020-13533
MISC
fortinet — fortiadc A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users’ password in log files. 2021-04-12 4 CVE-2021-24024
CONFIRM
google — android In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-171221090 2021-04-13 5.4 CVE-2021-0433
MISC
google — android In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10. Android ID: A-152064592 2021-04-13 4.4 CVE-2021-0438
MISC
google — android In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-173552790 2021-04-13 4.4 CVE-2021-0432
MISC
google — android In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174768985 2021-04-13 4.6 CVE-2021-0442
MISC
google — android In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174243830 2021-04-13 4.6 CVE-2021-0439
MISC
google — android In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-176168330 2021-04-13 4.6 CVE-2021-0437
MISC
google — android In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-175074139 2021-04-13 4.6 CVE-2021-0429
MISC
google — android In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174485572 2021-04-13 4.6 CVE-2021-0426
MISC
google — android In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-174150451 2021-04-13 5 CVE-2021-0435
MISC
google — android In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-174149901 2021-04-13 5 CVE-2021-0431
MISC
google — android In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174488848 2021-04-13 4.6 CVE-2021-0427
MISC
google — chrome Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-04-09 6.8 CVE-2021-21195
MISC
MISC
google — chrome Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-04-09 6.8 CVE-2021-21194
MISC
MISC
google — chrome Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-04-09 6.8 CVE-2021-21196
MISC
MISC
google — chrome Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-04-09 6.8 CVE-2021-21197
MISC
MISC
google — chrome Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-04-09 6.8 CVE-2021-21199
MISC
MISC
google — chrome Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2021-04-09 4.3 CVE-2021-21198
MISC
MISC
ibm — collaborative_lifecycle_management IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422. 2021-04-12 5 CVE-2020-4965
XF
CONFIRM
ibm — collaborative_lifecycle_management IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441. 2021-04-12 4.3 CVE-2021-20519
XF
CONFIRM
ibm — collaborative_lifecycle_management IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419. 2021-04-12 4 CVE-2020-4964
XF
CONFIRM
ibm — collaborative_lifecycle_management IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396. 2021-04-12 4.3 CVE-2020-4920
XF
CONFIRM
intelliants — subrion Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the “payment gateway” column on transactions tab. 2021-04-09 4.3 CVE-2020-23761
MISC
MISC
libsixel_project — libsixel Buffer Overflow in the “sixel_encoder_encode_bytes” function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). 2021-04-14 5 CVE-2020-36120
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a “hidden” user exists. 2021-04-09 4 CVE-2021-30156
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to “protect” a page, a user is currently able to protect to a higher level than they currently have permissions for. 2021-04-09 4 CVE-2021-30152
MISC
DEBIAN
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page. 2021-04-09 4 CVE-2021-30155
MISC
DEBIAN
microsoft — team_foundation_server Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability 2021-04-13 4 CVE-2021-27067
MISC
microsoft — visual_studio Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322. 2021-04-13 4.6 CVE-2021-28321
MISC
microsoft — visual_studio Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28321, CVE-2021-28322. 2021-04-13 4.6 CVE-2021-28313
MISC
microsoft — visual_studio Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28321. 2021-04-13 4.6 CVE-2021-28322
MISC
microsoft — visual_studio_2017 Visual Studio Installer Elevation of Privilege Vulnerability 2021-04-13 4.6 CVE-2021-27064
MISC
microsoft — visual_studio_code Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28475. 2021-04-13 6.8 CVE-2021-28477
MISC
microsoft — visual_studio_code Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28477. 2021-04-13 6.8 CVE-2021-28475
MISC
microsoft — visual_studio_code Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28475, CVE-2021-28477. 2021-04-13 6.8 CVE-2021-28473
MISC
microsoft — windows_10 Windows Application Compatibility Cache Denial of Service Vulnerability 2021-04-13 4.3 CVE-2021-28311
MISC
microsoft — windows_10 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability 2021-04-13 4.6 CVE-2021-28320
MISC
microsoft — windows_10 Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27095. 2021-04-13 4.6 CVE-2021-28315
MISC
microsoft — windows_10 Windows Hyper-V Elevation of Privilege Vulnerability 2021-04-13 4.6 CVE-2021-28314
MISC
microsoft — windows_10 Windows NTFS Denial of Service Vulnerability 2021-04-13 4.3 CVE-2021-28312
MISC
microsoft — windows_10 Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-27072. 2021-04-13 4.6 CVE-2021-28310
MISC
microsoft — windows_10 NTFS Elevation of Privilege Vulnerability 2021-04-13 4.6 CVE-2021-27096
MISC
microsoft — windows_10 Windows Secure Kernel Mode Elevation of Privilege Vulnerability 2021-04-13 4.6 CVE-2021-27090
MISC
microsoft — windows_10 Windows AppX Deployment Server Denial of Service Vulnerability 2021-04-13 4.3 CVE-2021-28326
MISC
microsoft — windows_10 Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328. 2021-04-13 4 CVE-2021-28323
MISC
microsoft — windows_10 Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28324. 2021-04-13 4 CVE-2021-28325
MISC
microsoft — windows_10 Windows Event Tracing Elevation of Privilege Vulnerability 2021-04-13 4.6 CVE-2021-27088
MISC
microsoft — windows_10 Windows Services and Controller App Elevation of Privilege Vulnerability 2021-04-13 4.6 CVE-2021-27086
MISC
MISC
microsoft — windows_10 Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28310. 2021-04-13 4.6 CVE-2021-27072
MISC
microsoft — windows_10 Microsoft Internet Messaging API Remote Code Execution Vulnerability 2021-04-13 6.8 CVE-2021-27089
MISC
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358. 2021-04-13 6.5 CVE-2021-28434
MISC
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28434. 2021-04-13 6.5 CVE-2021-28358
MISC
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28358, CVE-2021-28434. 2021-04-13 6.5 CVE-2021-28357
MISC
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 6.5 CVE-2021-28356
MISC
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 6.5 CVE-2021-28355
MISC
microsoft — windows_10 Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28315. 2021-04-13 6.8 CVE-2021-27095
MISC
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 6.5 CVE-2021-28354
MISC
microsoft — windows_10 Windows Media Photo Codec Information Disclosure Vulnerability 2021-04-13 6.3 CVE-2021-27079
MISC
microsoft — windows_10 Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28439. 2021-04-13 5 CVE-2021-28319
MISC
microsoft — windows_10 Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28325. 2021-04-13 5 CVE-2021-28324
MISC
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 6.5 CVE-2021-28353
MISC
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 6.5 CVE-2021-28352
MISC
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 6.5 CVE-2021-28346
MISC
microsoft — windows_10 Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28440. 2021-04-13 4.6 CVE-2021-26415
MISC
MISC
microsoft — windows_7 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability 2021-04-13 4.6 CVE-2021-27091
MISC
open-emr — openemr SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection. 2021-04-13 6.5 CVE-2020-13568
MISC
open-emr — openemr SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection. 2021-04-13 6.5 CVE-2020-13566
MISC
patreon — patreon_wordpress The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies. 2021-04-12 5 CVE-2021-24227
MISC
CONFIRM
patreon — patreon_wordpress The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user account’s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content. 2021-04-12 5.8 CVE-2021-24230
MISC
CONFIRM
patreon — patreon_wordpress The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of the error logging logic behind the scene allowed user-controlled input to be reflected on the login page, unsanitized. 2021-04-12 6.8 CVE-2021-24228
MISC
CONFIRM
patreon — patreon_wordpress The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged-in administrator disconnect the site from Patreon by visiting a specially crafted link. 2021-04-12 4.3 CVE-2021-24231
MISC
CONFIRM
patreon — patreon_wordpress The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is accessible for user accounts with the ‘manage_options’ privilege (i.e., only administrators). Unfortunately, one of the parameters used in this AJAX endpoint is not sanitized before being printed back to the user, so the risk it represents is the same as the previous XSS vulnerability. 2021-04-12 6.8 CVE-2021-24229
MISC
CONFIRM
perforce — helix_alm XML External Entity Resolution (XXE) in Helix ALM. The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. 2021-04-13 6.4 CVE-2021-29997
MISC
rukovoditel — project_management An exploitable SQL injection vulnerability exists in the “forms_fields_rules/rules” page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. 2021-04-09 6.8 CVE-2020-13587
MISC
rukovoditel — project_management An exploitable SQL injection vulnerability exists in the “access_rules/rules_form” page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. 2021-04-09 6.8 CVE-2020-13591
MISC
rukovoditel — project_management An exploitable SQL injection vulnerability exists in “global_lists/choices” page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. 2021-04-09 6.8 CVE-2020-13592
MISC
skyworthdigital — rn510_firmware Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS). 2021-04-09 4.3 CVE-2021-25327
MISC
skyworthdigital — rn510_firmware Skyworth Digital Technology RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to the endpoint, which can lead to a denial of service (DoS) or possible code execution on the device. 2021-04-09 6.5 CVE-2021-25328
MISC
sonicwall — email_security SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. 2021-04-09 6.5 CVE-2021-20022
CONFIRM
tms-outsource — wpdatatables The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table. 2021-04-12 5.5 CVE-2021-24197
MISC
MISC
CONFIRM
tms-outsource — wpdatatables The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table. 2021-04-12 5.5 CVE-2021-24198
MISC
MISC
CONFIRM
tms-outsource — wpdatatables The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the ‘start’ HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application. 2021-04-12 4 CVE-2021-24199
MISC
MISC
CONFIRM
tms-outsource — wpdatatables The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the ‘length’ HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application. 2021-04-12 4 CVE-2021-24200
MISC
MISC
CONFIRM
trendmicro — password_manager Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program. 2021-04-13 4.4 CVE-2021-28647
N/A
wikimedia — parsoid An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS. 2021-04-09 4.3 CVE-2021-30458
MISC
MISC
x2engine — x2crm Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the “New Name” field of the “Rename a Module” tool. 2021-04-14 4.3 CVE-2020-21087
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
appspace — appspace Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. 2021-04-14 3.5 CVE-2021-27989
MISC
google — android In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-176496160. 2021-04-13 2.1 CVE-2021-0436
MISC
google — android In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-170474245. 2021-04-13 1.9 CVE-2021-0443
MISC
google — android In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-173421434. 2021-04-13 2.1 CVE-2021-0428
MISC
google — android In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11. Android ID: A-177561690. 2021-04-13 2.1 CVE-2021-0400
MISC
htmly — htmly htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php. 2021-04-13 3.5 CVE-2021-30637
MISC
MISC
ibm — spectrum_scale IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478. 2021-04-09 1.9 CVE-2021-29671
XF
CONFIRM
larsens_calendar_project — larsens_calendar Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the “titel” column on the “Eintrage hinzufugen” tab. 2021-04-09 3.5 CVE-2020-23762
MISC
MISC
microsoft — windows_10 Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-27093. 2021-04-13 2.1 CVE-2021-28309
MISC
microsoft — windows_10 Windows Event Tracing Information Disclosure Vulnerability 2021-04-13 2.1 CVE-2021-28435
MISC
microsoft — windows_10 Windows GDI+ Information Disclosure Vulnerability 2021-04-13 2.1 CVE-2021-28318
MISC
microsoft — windows_10 Microsoft Windows Codecs Library Information Disclosure Vulnerability 2021-04-13 2.1 CVE-2021-28317
MISC
microsoft — windows_10 Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability 2021-04-13 2.1 CVE-2021-28316
MISC
microsoft — windows_10 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-28447. 2021-04-13 2.1 CVE-2021-27094
MISC
microsoft — windows_10 Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28309. 2021-04-13 2.1 CVE-2021-27093
MISC
microsoft — windows_10 Windows Overlay Filter Information Disclosure Vulnerability 2021-04-13 2.1 CVE-2021-26417
MISC
remoteclinic — remoteclinic Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php. 2021-04-13 3.5 CVE-2021-30044
MISC
remoteclinic — remoteclinic Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. 2021-04-13 3.5 CVE-2021-30030
MISC
remoteclinic — remoteclinic Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php. 2021-04-13 3.5 CVE-2021-30034
MISC
remoteclinic — remoteclinic Cross Site Scripting (XSS) in Remote Clinic v2.0 via the “Fever” or “Blood Pressure” field on the patients/register-report.php. 2021-04-13 3.5 CVE-2021-30039
MISC
remoteclinic — remoteclinic Cross Site Scripting (XSS) in Remote Clinic v2.0 via the “Clinic Name”, “Clinic Address”, “Clinic City”, or “Clinic Contact” field on clinics/register.php 2021-04-13 3.5 CVE-2021-30042
MISC
sap — manufacturing_execution SAP Manufacturing Execution (System Rules), versions – 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution (System Rules) tab does not sufficiently encode some parameters, resulting in Stored Cross-Site Scripting (XSS) vulnerability. The malicious code can be used for different purposes. e.g., information can be read, modified, and sent to the attacker. However, availability of the server cannot be impacted. 2021-04-13 3.5 CVE-2021-27600
MISC
MISC
skyworthdigital — rn510_firmware Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in /cgi-bin/test_version.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed. 2021-04-09 3.5 CVE-2021-25326
MISC
trendmicro — apex_one An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations. 2021-04-13 2.1 CVE-2021-28646
N/A
N/A


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
a12n-server — a12nserver
 
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change. Patched in v0.18.2. 2021-04-16 not yet calculated CVE-2021-29452
CONFIRM
MISC
accusoft — imagegear
 
An out-of-bounds write vulnerability exists in the JPG format SOF marker processing of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2021-04-13 not yet calculated CVE-2021-21784
MISC
adobe — bridge Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-04-15 not yet calculated CVE-2021-21095
MISC
MISC
adobe — bridge Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-04-15 not yet calculated CVE-2021-21094
MISC
MISC
adobe — bridge Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-04-15 not yet calculated CVE-2021-21093
MISC
MISC
adobe — bridge
 
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction. 2021-04-15 not yet calculated CVE-2021-21096
MISC
MISC
adobe — bridge
 
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-04-15 not yet calculated CVE-2021-21092
MISC
MISC
adobe — bridge
 
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-04-15 not yet calculated CVE-2021-21091
MISC
MISC
adobe — coldfusion
 
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) vulnerability. An attacker could abuse this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction. 2021-04-15 not yet calculated CVE-2021-21087
MISC
adobe — digital_editions
 
Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-04-15 not yet calculated CVE-2021-21100
MISC
adobe — genuine_service Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction. 2021-04-16 not yet calculated CVE-2020-9681
MISC
adobe — genuine_service Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user. 2021-04-16 not yet calculated CVE-2020-9668
MISC
adobe — genuine_service
 
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. 2021-04-16 not yet calculated CVE-2020-9667
MISC
adobe — photoshop Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-04-15 not yet calculated CVE-2021-28548
MISC
adobe — photoshop
 
Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-04-15 not yet calculated CVE-2021-28549
MISC
advanced_authentication — advanced_authentication
 
Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue. 2021-04-12 not yet calculated CONFIRM
ajaxsearchpro — ajaxsearchpro
 
AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution. 2021-04-14 not yet calculated CVE-2021-29654
MISC
ampache — ampache
 
Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and workaround guidance see the referenced GitHub security advisory. 2021-04-13 not yet calculated CVE-2021-21399
CONFIRM
anuko — time_tracker
 
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an attacker-provided form that executes an unintended action such as changing user password. The vulnerability is fixed in Time Tracker version 1.19.27.5431. Upgrade is recommended. If upgrade is not practical, introduce ttMitigateCSRF() function in /WEB-INF/lib/common.php.lib using the latest available code and call it from ttAccessAllowed(). 2021-04-13 not yet calculated CVE-2021-29436
MISC
MISC
CONFIRM
apache — commons_io
 
In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like “//../foo”, or “\\..\foo”, the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus “limited” path traversal), if the calling code would use the result to construct a path value. 2021-04-13 not yet calculated CVE-2021-29425
MISC
MLIST
MISC
MLIST
apache — openoffice
 
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink. 2021-04-15 not yet calculated CVE-2021-30245
MLIST
MISC
MLIST
MLIST
MLIST
MLIST
apache — solr
 
The ReplicationHandler (normally registered at “/replication” under a Solr core) in Apache Solr has a “masterUrl” (also “leaderUrl” alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the “shards” parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2. 2021-04-13 not yet calculated CVE-2021-27905
MISC
apache — solr
 
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. 2021-04-13 not yet calculated CVE-2021-29943
MISC
apache — solr
 
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. 2021-04-13 not yet calculated CVE-2021-29262
MISC
apache — tapestry
 
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later. 2021-04-15 not yet calculated CVE-2021-27850
MLIST
MISC
appspace — appspace
 
Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. 2021-04-14 not yet calculated CVE-2021-27990
MISC
MISC
asus — multiple_routers
 
In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP’s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. 2021-04-12 not yet calculated CVE-2021-3128
MISC
atlassian — connect_express
 
Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions between 3.0.2 – 6.5.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. 2021-04-16 not yet calculated CVE-2021-26073
MISC
N/A
atlassian — connect_spring_boot
 
Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions between 1.1.0 – 2.1.2 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. 2021-04-16 not yet calculated CVE-2021-26074
N/A
N/A
atlassian — jira_server_and_data_center
 
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution. 2021-04-15 not yet calculated CVE-2020-36288
MISC
atlassian — jira_server_and_data_center
 
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename. 2021-04-15 not yet calculated CVE-2021-26075
MISC
atlassian — jira_server_and_data_center
 
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn which mode a user is editing in due to the cookie not being set with a secure attribute if Jira was configured to use https. 2021-04-15 not yet calculated CVE-2021-26076
MISC
b2evolution — b2evolution
 
SQL Injection in the “evoadm.php” component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the “cf_name” parameter when creating a new filter under the “Collections” tab. 2021-04-15 not yet calculated CVE-2021-28242
MISC
MISC
binutils — binutils
 
There’s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. 2021-04-15 not yet calculated CVE-2021-3487
MISC
bitdefender — safepay
 
An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser’s file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29. 2021-04-12 not yet calculated CVE-2020-15734
MISC
c-bus — toolkit A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a file is uploaded. 2021-04-13 not yet calculated CVE-2021-22719
MISC
c-bus — toolkit
 
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing config files. 2021-04-13 not yet calculated CVE-2021-22717
MISC
c-bus — toolkit
 
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring project files. 2021-04-13 not yet calculated CVE-2021-22718
MISC
c-bus — toolkit
 
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project. 2021-04-13 not yet calculated CVE-2021-22720
MISC
c-bus — toolkit
 
A CWE-269: Improper Privilege Management vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when an unprivileged user modifies a file. 2021-04-13 not yet calculated CVE-2021-22716
MISC
casap — automated_enrollement_system
 
CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter. 2021-04-15 not yet calculated CVE-2021-27129
MISC
centreon — platform
 
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user. 2021-04-15 not yet calculated CVE-2021-28055
MISC
ceph — ceph
 
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn’t sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-04-15 not yet calculated CVE-2021-20288
MISC
chrono-node — chrono-node
 
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces. 2021-04-12 not yet calculated CVE-2021-23371
CONFIRM
CONFIRM
CONFIRM
corsori — smart_5.8-quart_air_fryer_cs158-af
 
An unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. 2021-04-15 not yet calculated CVE-2020-28593
MISC
corsori — smart_5.8-quart_air_fryer_cs158-af
 
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. 2021-04-15 not yet calculated CVE-2020-28592
MISC
d-link — dap-2020_devices
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932. 2021-04-14 not yet calculated CVE-2021-27248
MISC
MISC
d-link — dap-2020_devices
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369. 2021-04-14 not yet calculated CVE-2021-27249
MISC
MISC
d-link — dap-2020_devices
 
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856. 2021-04-14 not yet calculated CVE-2021-27250
MISC
MISC
d-link — dir-802_devices
 
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-04-12 not yet calculated CVE-2021-29379
MISC
MISC
MISC
d-link — dir-816_devices An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the “s_ip” and “s_mac” fields could lead to a Stack-Based Buffer Overflow and overwrite the return address. 2021-04-14 not yet calculated CVE-2021-27114
MISC
MISC
d-link — dir-816_devices
 
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. 2021-04-14 not yet calculated CVE-2021-27113
MISC
MISC
dart — dart
 
The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669. 2021-04-15 not yet calculated CVE-2021-31402
MISC
deark — deark In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize. 2021-04-14 not yet calculated CVE-2021-28856
MISC
MISC
deark — deark
 
In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c). 2021-04-14 not yet calculated CVE-2021-28855
MISC
MISC
dell — peripheral_manager
 
Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user. 2021-04-12 not yet calculated CVE-2021-21545
MISC
dell — srm
 
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers. 2021-04-12 not yet calculated CVE-2021-21524
MISC
devolutions — server
 
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. 2021-04-14 not yet calculated CVE-2021-28157
CONFIRM
devolutions — server
 
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. 2021-04-14 not yet calculated CVE-2021-28048
CONFIRM
django — debug_toolbar
 
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form. 2021-04-14 not yet calculated CVE-2021-30459
MISC
CONFIRM
CONFIRM
eaton — intelligent_power_manager Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using it in the dynamic evaluation call in the loadUserFile function under scripts/libs/utils.js. Successful exploitation can allow attackers to control the input to the function and execute attacker-controlled commands. 2021-04-13 not yet calculated CVE-2021-23277
MISC
eaton — intelligent_power_manager Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via the coverterCheckList action in the meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to a rogue SNMP server and execute attacker-controlled code. 2021-04-13 not yet calculated CVE-2021-23281
MISC
eaton — intelligent_power_manager
 
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base. 2021-04-13 not yet calculated CVE-2021-23276
MISC
eaton — intelligent_power_manager
 
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an unauthenticated arbitrary file delete vulnerability caused by improper input validation in the meta_driver_srv.js class, where the saveDriverData action uses an unvalidated driverID. An attacker can send specially crafted packets to delete files on the system where IPM software is installed. 2021-04-13 not yet calculated CVE-2021-23279
MISC
eaton — intelligent_power_manager
 
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using the uploadBackgroud action. An attacker can upload malicious code or execute any command using a specially crafted packet to exploit the vulnerability. 2021-04-13 not yet calculated CVE-2021-23280
MISC
eaton — intelligent_power_manager
 
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an authenticated arbitrary file delete vulnerability caused by improper input validation in server/maps_srv.js with action removeBackground and in server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete files on the system where IPM software is installed. 2021-04-13 not yet calculated CVE-2021-23278
MISC
exif — exif
 
NULL Pointer Dereference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash. 2021-04-14 not yet calculated CVE-2021-27815
MISC
MISC
MISC
ezxml — ezxml An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap). 2021-04-16 not yet calculated CVE-2021-31347
MISC
ezxml — ezxml
 
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer. 2021-04-11 not yet calculated CVE-2021-30485
MISC
ezxml — ezxml
 
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant. 2021-04-15 not yet calculated CVE-2021-31229
MISC
ezxml — ezxml
 
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure). 2021-04-16 not yet calculated CVE-2021-31348
MISC
fatek — automation_win_proladder
 
FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code. 2021-04-12 not yet calculated CVE-2021-27486
MISC
forescout — counteract
 
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes log entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking. 2021-04-14 not yet calculated CVE-2021-28098
MISC
MISC
MISC
fortinet — fortios
 
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. 2021-04-12 not yet calculated CVE-2019-17656
CONFIRM
CONFIRM
fortinet — fortiweb
 
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet’s FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile. 2021-04-12 not yet calculated CVE-2020-15942
CONFIRM
CONFIRM
gargoyle — gargoyle_os
 
In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP’s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. 2021-04-12 not yet calculated CVE-2021-23270
MISC
genexis — platinum_4410_2.1_p4410-v2-1.28_devices
 
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI. 2021-04-13 not yet calculated CVE-2021-29003
MISC
MISC
gitlab — workhorse
 
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token. 2021-04-12 not yet calculated CVE-2021-22190
CONFIRM
MISC
MISC
google — android

 

In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172252122. 2021-04-13 not yet calculated CVE-2021-0446
MISC
google — android
 
In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-178825358. 2021-04-13 not yet calculated CVE-2021-0444
MISC
google — android
 
In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-180427272. 2021-04-13 not yet calculated CVE-2021-0468
MISC
google — android
 
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-176444786. 2021-04-13 not yet calculated CVE-2021-0471
MISC
google — android
 
In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-178754781. 2021-04-15 not yet calculated CVE-2021-0488
MISC
google — android
 
In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-9. Android ID: A-172322502. 2021-04-13 not yet calculated CVE-2021-0445
MISC
gpac — gpac
 
NULL Pointer Dereference in the “isomedia/track.c” module’s “MergeTrack()” function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. 2021-04-14 not yet calculated CVE-2021-28300
MISC
gradle — gradle
 
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system’s umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. 2021-04-12 not yet calculated CVE-2021-29429
MISC
CONFIRM
gradle — gradle
 
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the “sticky” bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the “sticky” bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory. 2021-04-13 not yet calculated CVE-2021-29428
MISC
MISC
MISC
CONFIRM
gradle — gradle
 
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the “A Confusing Dependency” blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced. 2021-04-13 not yet calculated CVE-2021-29427
MISC
CONFIRM
grav — grav
 
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11. 2021-04-13 not yet calculated CVE-2021-29440
CONFIRM
MISC
grav — grav
 
The Grav admin plugin prior to version 1.10.11 does not correctly verify the caller’s privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation, blocking access to the `/admin` path from untrusted sources will reduce the probability of exploitation. 2021-04-13 not yet calculated CVE-2021-29439
CONFIRM
group_office — group_office Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. 2021-04-14 not yet calculated CVE-2020-35419
MISC
group_office — group_office
 
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. 2021-04-14 not yet calculated CVE-2020-35418
MISC
group_office — group_office
 
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. 2021-04-14 not yet calculated CVE-2021-28060
MISC
MISC
handlebars — handlebars
 
The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. 2021-04-12 not yet calculated CVE-2021-23369
MISC
MISC
MISC
MISC
MISC
MISC
hewlett_packard_enterprises — icewall
 
A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS). 2021-04-15 not yet calculated CVE-2021-26582
MISC
ibm — spectrum_protect_server
 
IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792. 2021-04-16 not yet calculated CVE-2021-20491
XF
CONFIRM
intelbras — telephone_ip_tip200
 
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx. 2021-04-12 not yet calculated CVE-2020-24285
MISC
MISC
intelbras — win_300_and_wrn_342_devices
 
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code. 2021-04-14 not yet calculated CVE-2021-3017
MISC
MISC
jitsi — meet
 
Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the “sessionpriv.php” module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application. 2021-04-14 not yet calculated CVE-2021-26812
MISC
joomla! — joomla!
 
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI. 2021-04-14 not yet calculated CVE-2021-26031
MISC
joomla! — joomla!
 
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on the error page. 2021-04-14 not yet calculated CVE-2021-26030
MISC
jose — jose
 
jose is an npm library providing a number of cryptographic operations. In vulnerable versions, AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption; if either failed, `JWEDecryptionFailed` would be thrown. A possibly observable difference in timing when a padding error occurs while decrypting the ciphertext creates a padding oracle, and an adversary might be able to use that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). All major release versions have had a patch released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `^1.28.1 || ^2.0.5 || >=3.11.4`. Users should upgrade their v1.x dependency to ^1.28.1, their v2.x dependency to ^2.0.5, and their v3.x dependency to ^3.11.4. Thanks to Jason from Microsoft Vulnerability Research (MSVR) for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory. 2021-04-16 not yet calculated CVE-2021-29443
CONFIRM
MISC
jose — jose
 
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4, the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption; if either failed, `JWEDecryptionFailed` would be thrown. However, a possibly observable difference in timing when a padding error occurs while decrypting the ciphertext creates a padding oracle, and an adversary might be able to use that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`. 2021-04-16 not yet calculated CVE-2021-29444
CONFIRM
MISC
jose — jose
 
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4, the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption; if either failed, `JWEDecryptionFailed` would be thrown. However, a possibly observable difference in timing when a padding error occurs while decrypting the ciphertext creates a padding oracle, and an adversary might be able to use that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`. 2021-04-16 not yet calculated CVE-2021-29445
CONFIRM
MISC
jose — jose
 
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4, the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption; if either failed, `JWEDecryptionFailed` would be thrown. However, a possibly observable difference in timing when a padding error occurs while decrypting the ciphertext creates a padding oracle, and an adversary might be able to use that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`. 2021-04-16 not yet calculated CVE-2021-29446
CONFIRM
MISC
json — json
 
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above. 2021-04-16 not yet calculated CVE-2021-22539
MISC
MISC
lavalite — lavalite
 
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. 2021-04-14 not yet calculated CVE-2020-28124
MISC
lenovo — power_management_driver
 
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. 2021-04-13 not yet calculated CVE-2021-3463
MISC
lenovo — power_management_driver
 
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver’s device object. 2021-04-13 not yet calculated CVE-2021-3462
MISC
lenovo — xclarity_controller
 
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC. 2021-04-13 not yet calculated CVE-2021-3473
MISC
liberty — lispbx
 
In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwords. 2021-04-12 not yet calculated CVE-2019-15059
MISC
lightcms — lightcms
 
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images. 2021-04-15 not yet calculated CVE-2021-27112
MISC
linux — linux_kernel
 
The overlayfs implementation in the Linux kernel did not properly validate, with respect to user namespaces, the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. 2021-04-17 not yet calculated CVE-2021-3493
MISC
MISC
MISC
linux — linux_kernel
 
An Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations. This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1. 2021-04-14 not yet calculated CVE-2021-25316
CONFIRM
linux — linux_kernel
 
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user(). These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. 2021-04-17 not yet calculated CVE-2021-3492
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. 2021-04-14 not yet calculated CVE-2020-36322
MISC
MISC
linux — linux_kernel
 
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9. 2021-04-14 not yet calculated CVE-2021-25314
CONFIRM
lotus — lotus
 
Lotus is an implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: “serialized”, and “compressed”, meaning that BLS signatures can be provided as either of 2 unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique. By switching from the Go-based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393. 2021-04-15 not yet calculated CVE-2021-21405
MISC
MISC
CONFIRM
mcafee — advanced_threat_defense
 
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them. 2021-04-15 not yet calculated CVE-2020-7269
CONFIRM
mcafee — advanced_threat_defense
 
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them. 2021-04-15 not yet calculated CVE-2020-7270
CONFIRM
mcafee — content_security_reporter
 
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR. 2021-04-15 not yet calculated CVE-2021-23884
CONFIRM
mcafee — data_loss_prevention Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low-privileged attacker to cause a BSoD by suspending a process, modifying the process’s memory and restarting it. This is triggered by the hdlphook driver reading invalid memory. 2021-04-15 not yet calculated CVE-2021-23886
CONFIRM
CONFIRM
mcafee — data_loss_prevention
 
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low-privileged attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver. 2021-04-15 not yet calculated CVE-2021-23887
CONFIRM
CONFIRM
mcafee — endpoint_security
 
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses. 2021-04-15 not yet calculated CVE-2020-7308
CONFIRM
mdaemon — mdaemon An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user. 2021-04-14 not yet calculated CVE-2021-27182
MISC
MISC
mdaemon — mdaemon An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the value of the anti-CSRF token, the attacker may trick the user into visiting his malicious page and performing any request with the privileges of the attacked user. 2021-04-14 not yet calculated CVE-2021-27181
MISC
MISC
mdaemon — mdaemon
 
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead to Remote Code Execution. 2021-04-14 not yet calculated CVE-2021-27183
MISC
MISC
mdaemon — mdaemon
 
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user. 2021-04-14 not yet calculated CVE-2021-27180
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain “fast double move” situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it’s only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master. 2021-04-09 not yet calculated CVE-2021-30159
MISC
DEBIAN
mendix — multiple_versions
 
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges. 2021-04-16 not yet calculated CVE-2021-27394
CONFIRM
micro_focus — operations_agent
 
Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent. 2021-04-13 not yet calculated CVE-2021-22505
MISC
microsoft — azure
 
Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability 2021-04-13 not yet calculated CVE-2021-28458
MISC
microsoft — azure
 
Azure Sphere Unsigned Code Execution Vulnerability 2021-04-13 not yet calculated CVE-2021-28460
MISC
microsoft — azure
 
Azure DevOps Server Spoofing Vulnerability 2021-04-13 not yet calculated CVE-2021-28459
MISC
FULLDISC
MISC
microsoft — excel Microsoft Excel Information Disclosure Vulnerability 2021-04-13 not yet calculated CVE-2021-28456
MISC
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28451. 2021-04-13 not yet calculated CVE-2021-28454
MISC
MISC
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28454. 2021-04-13 not yet calculated CVE-2021-28451
MISC
microsoft — office
 
Microsoft Office Remote Code Execution Vulnerability 2021-04-13 not yet calculated CVE-2021-28449
MISC
microsoft — outlook
 
Microsoft Outlook Memory Corruption Vulnerability 2021-04-13 not yet calculated CVE-2021-28452
MISC
microsoft — raw_image_extension
 
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28468. 2021-04-13 not yet calculated CVE-2021-28466
MISC
microsoft — raw_image_extension
 
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28466. 2021-04-13 not yet calculated CVE-2021-28468
MISC
microsoft — sharepoint
 
Microsoft SharePoint Denial of Service Update 2021-04-13 not yet calculated CVE-2021-28450
MISC
microsoft — visual_studio_code Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477. 2021-04-13 not yet calculated CVE-2021-28469
MISC
microsoft — visual_studio_code Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability 2021-04-13 not yet calculated CVE-2021-28448
MISC
microsoft — visual_studio_code
 
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability 2021-04-13 not yet calculated CVE-2021-28471
MISC
microsoft — visual_studio_code
 
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability 2021-04-13 not yet calculated CVE-2021-28470
MISC
microsoft — visual_studio_code
 
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability 2021-04-13 not yet calculated CVE-2021-28472
MISC
microsoft — visual_studio_code
 
The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration. 2021-04-13 not yet calculated CVE-2021-30503
MISC
MISC
MISC
microsoft — visual_studio_code
 
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration. 2021-04-16 not yet calculated CVE-2021-31414
MISC
MISC
microsoft — visual_studio_code
 
Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28469, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477. 2021-04-13 not yet calculated CVE-2021-28457
MISC
microsoft — vp9_video_extensions
 
VP9 Video Extensions Remote Code Execution Vulnerability 2021-04-13 not yet calculated CVE-2021-28464
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28330
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28341
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28345
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28334
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28344
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28343
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28342
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28333
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28335
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28338
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28337
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28336
MISC
microsoft — windows Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28323. 2021-04-13 not yet calculated CVE-2021-28328
MISC
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28329
MISC
microsoft — windows
 
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28340
MISC
microsoft — windows
 
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28327
MISC
microsoft — windows
 
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28332
MISC
microsoft — windows
 
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28339
MISC
microsoft — windows
 
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. 2021-04-13 not yet calculated CVE-2021-28331
MISC
microsoft — windows_10 Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28351, CVE-2021-28436. 2021-04-13 not yet calculated CVE-2021-28347
MISC
microsoft — windows_10 Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28351. 2021-04-13 not yet calculated CVE-2021-28436
MISC
microsoft — windows_10 Windows Network File System Remote Code Execution Vulnerability 2021-04-13 not yet calculated CVE-2021-28445
MISC
microsoft — windows_10 Windows Hyper-V Security Feature Bypass Vulnerability 2021-04-13 not yet calculated CVE-2021-28444
MISC
microsoft — windows_10 Windows Hyper-V Information Disclosure Vulnerability 2021-04-13 not yet calculated CVE-2021-28441
MISC
microsoft — windows_10
 
Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28349, CVE-2021-28350. 2021-04-13 not yet calculated CVE-2021-28348
MISC
microsoft — windows_10
 
Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28438. 2021-04-13 not yet calculated CVE-2021-28443
MISC
microsoft — windows_10
 
Windows Installer Spoofing Vulnerability 2021-04-13 not yet calculated CVE-2021-26413
MISC
microsoft — windows_10
 
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-27094. 2021-04-13 not yet calculated CVE-2021-28447
MISC
microsoft — windows_10
 
Windows Portmapping Information Disclosure Vulnerability 2021-04-13 not yet calculated CVE-2021-28446
MISC
microsoft — windows_10
 
Windows TCP/IP Information Disclosure Vulnerability 2021-04-13 not yet calculated CVE-2021-28442
MISC
microsoft — windows_10
 
Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28350. 2021-04-13 not yet calculated CVE-2021-28349
MISC
microsoft — windows_10
 
Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26415. 2021-04-13 not yet calculated CVE-2021-28440
MISC
microsoft — windows_10
 
Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28319. 2021-04-13 not yet calculated CVE-2021-28439
MISC
microsoft — windows_10
 
Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28443. 2021-04-13 not yet calculated CVE-2021-28438
MISC
microsoft — windows_10
 
Windows Installer Information Disclosure Vulnerability 2021-04-13 not yet calculated CVE-2021-28437
MISC
microsoft — windows_10
 
Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28349. 2021-04-13 not yet calculated CVE-2021-28350
MISC
microsoft — windows_10
 
Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28436. 2021-04-13 not yet calculated CVE-2021-28351
MISC
microsoft — word
 
Microsoft Word Remote Code Execution Vulnerability 2021-04-13 not yet calculated CVE-2021-28453
MISC
mongo-express — mongo-express
 
All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash. 2021-04-13 not yet calculated CVE-2021-23372
MISC
mongodb — tools
 
Usage of a specific command line parameter in MongoDB Tools, which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates. This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0. 2021-04-12 not yet calculated CVE-2020-7924
MISC
monica — monica
 
Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page. 2021-04-14 not yet calculated CVE-2020-35660
MISC
MISC
MISC
monitorr — monitorr
 
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials. 2021-04-12 not yet calculated CVE-2020-28872
MISC
MISC
motorola — mh702x_devices
 
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker. 2021-04-13 not yet calculated CVE-2021-3460
MISC
multilaser — ac1200_router Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. 2021-04-14 not yet calculated CVE-2021-31152
MISC
netgear — nighthawk_r7800
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216. 2021-04-14 not yet calculated CVE-2021-27252
MISC
MISC
netgear — nighthawk_r7800
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303. 2021-04-14 not yet calculated CVE-2021-27253
MISC
MISC
netgear — nighthawk_r7800
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of firmware updates. The issue results from a fallback to an insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. 2021-04-14 not yet calculated CVE-2021-27251
MISC
MISC
nextcloud — desktop_client
 
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation. 2021-04-14 not yet calculated CVE-2021-22879
MISC
MISC
MISC
nextcloud — nextcloud
 
The Nextcloud dialogs library (npm package @nextcloud/dialogs) before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to an XSS vulnerability. The vulnerability has been patched in version 3.1.2. If you need to display HTML in the toast, explicitly pass the `options.isHTML` config flag. 2021-04-13 not yet calculated CVE-2021-29438
CONFIRM
MISC
online_reviewer_system — online_reviewer_system
 
Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload. 2021-04-14 not yet calculated CVE-2021-27130
MISC
openclinic_project — openclinic An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-04-15 not yet calculated CVE-2020-27239
MISC
openclinic_project — openclinic
 
An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing a specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials, and compromise of the underlying operating system. 2021-04-13 not yet calculated CVE-2020-27227
MISC
openclinic_project — openclinic
 
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-04-15 not yet calculated CVE-2020-27238
MISC
openclinic_project — openclinic
 
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-04-15 not yet calculated CVE-2020-27237
MISC
openclinic_project — openclinic
 
An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. 2021-04-13 not yet calculated CVE-2020-27228
MISC
openjpeg — openjpeg
 
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option “-ImgDir” on a directory that contains 1048576 files. 2021-04-14 not yet calculated CVE-2021-29338
MISC
orchard — orchard
 
An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add an XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display. 2021-04-14 not yet calculated CVE-2020-29593
MISC
MISC
orchard — orchard
 
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor’s file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings). 2021-04-14 not yet calculated CVE-2020-29592
MISC
MISC
outsystems — platform_server
 
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests. 2021-04-12 not yet calculated CVE-2021-29357
MISC
MISC
papoo — papoo
 
Certain Papoo products are affected by: Cross Site Request Forgery (CSRF) in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges (remote). 2021-04-13 not yet calculated CVE-2021-29054
CONFIRM
CONFIRM
CONFIRM
parallels — desktop
 
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12068. 2021-04-14 not yet calculated CVE-2021-27260
MISC
MISC
parallels — desktop
 
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12021. 2021-04-14 not yet calculated CVE-2021-27259
MISC
MISC
pega — platform
 
pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. 2021-04-12 not yet calculated CVE-2020-15390
MISC
perforce — helix_alm
 
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. 2021-04-13 not yet calculated CVE-2021-28973
MISC
phpgurukul — beauty_parlour_management_system
 
SQL Injection in the “add-services.php” component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the “sername” parameter. 2021-04-15 not yet calculated CVE-2021-27545
MISC
MISC
MISC
phpgurukul — beauty_parlour_management_system
 
Cross Site Scripting (XSS) in the “add-services.php” component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the “sername” parameter. 2021-04-15 not yet calculated CVE-2021-27544
MISC
MISC
pi-hole — pi-hole
 
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details. 2021-04-14 not yet calculated CVE-2021-29449
CONFIRM
pi-hole — pi-hole
 
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. A stored XSS exists in the Pi-hole Admin portal, which can be exploited by a malicious actor with network access to the DNS server. See the referenced GitHub security advisory for patch details. 2021-04-15 not yet calculated CVE-2021-29448
CONFIRM
portofino — portofino
 
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release. 2021-04-16 not yet calculated CVE-2021-29451
MISC
CONFIRM
MISC
postcss — postcss
 
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. 2021-04-12 not yet calculated CVE-2021-23368
MISC
MISC
MISC
MISC
priority — enterprise_management_system
 
Cross Site Scripting (XSS) in the “Reset Password” page form of Priority Enterprise Management System v8.00 allows attackers to execute JavaScript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site. 2021-04-14 not yet calculated CVE-2021-26832
MISC
qed — resourcexpress
 
In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation. 2021-04-15 not yet calculated CVE-2020-28898
CONFIRM
qnap — nas_devices
 
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS); Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS). 2021-04-14 not yet calculated CVE-2021-28797
MISC
qnap — qts An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on: QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later; QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later; QTS 4.4.x and later: Multimedia Console 1.3.4 and later. We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later; QTS 4.3.6.1620 Build 20210322 or later. 2021-04-17 not yet calculated CVE-2020-36195
MISC
qnap — qts
 
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later; QTS 4.5.1.1495 Build 20201123 and later; QTS 4.3.6.1620 Build 20210322 and later; QTS 4.3.4.1632 Build 20210324 and later; QTS 4.3.3.1624 Build 20210416 and later; QTS 4.2.6 Build 20210327 and later; QuTS hero h4.5.1.1491 build 20201119 and later. 2021-04-17 not yet calculated CVE-2020-2509
MISC
qnap — qts
 
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later); QTS 4.5.1.1456 build 20201015 (and later); QTS 4.3.6.1446 build 20200929 (and later); QTS 4.3.4.1463 build 20201006 (and later); QTS 4.3.3.1432 build 20201006 (and later); QTS 4.2.6 build 20210327 (and later); QuTS hero h4.5.1.1472 build 20201031 (and later); QuTScloud c4.5.4.1601 build 20210309 (and later); QuTScloud c4.5.3.1454 build 20201013 (and later). 2021-04-16 not yet calculated CVE-2018-19942
CONFIRM
razer — synapse
 
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations). 2021-04-14 not yet calculated CVE-2021-30494
MISC
MISC
MISC
razer — synapse
 
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations). 2021-04-14 not yet calculated CVE-2021-30493
MISC
MISC
MISC
rust — rust In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. 2021-04-11 not yet calculated CVE-2021-28878
MISC
MISC
rust — rust In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. 2021-04-11 not yet calculated CVE-2021-28877
MISC
rust — rust
 
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. 2021-04-11 not yet calculated CVE-2021-28876
MISC
MISC
rust — rust
 
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. 2021-04-11 not yet calculated CVE-2021-28875
MISC
MISC
rust — rust
 
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. 2021-04-11 not yet calculated CVE-2021-28879
MISC
MISC
rust — rust
 
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation. 2021-04-11 not yet calculated CVE-2015-20001
MISC
MISC
rust — rust
 
In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can lead to memory safety issues through race conditions. 2021-04-14 not yet calculated CVE-2018-25008
MISC
MISC
rust — rust
 
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain conditions. This bug could result in a use-after-free or double free. 2021-04-11 not yet calculated CVE-2020-36318
MISC
MISC
rust — rust
 
In the standard library in Rust before 1.50.3, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. 2021-04-14 not yet calculated CVE-2020-36323
MISC
MISC
rust — rust
 
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string. 2021-04-11 not yet calculated CVE-2020-36317
MISC
MISC
rust — rust
 
In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions. 2021-04-14 not yet calculated CVE-2017-20004
MISC
MISC
sap — commerce
 
SAP Commerce, versions – 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the source rules and perform remote code execution enabling them to compromise the confidentiality, integrity and availability of the application. 2021-04-13 not yet calculated CVE-2021-27602
MISC
MISC
sap — focused_run
 
SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization. 2021-04-13 not yet calculated CVE-2021-27609
MISC
MISC
sap — hcm_travel_management_fiori_apps
 
SAP’s HCM Travel Management Fiori Apps V2, version – 608, does not perform a proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information, such as the last name and first name of the employees, so there is some loss of confidential information; Integrity and Availability are not impacted. 2021-04-13 not yet calculated CVE-2021-27605
MISC
MISC
sap — netweaver SAP NetWeaver ABAP Server and ABAP Platform (Process Integration – Integration Builder Framework), versions – 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted. 2021-04-14 not yet calculated CVE-2021-27599
MISC
MISC
sap — netweaver
 
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions – 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet. 2021-04-13 not yet calculated CVE-2021-27598
MISC
MISC
sap — netweaver
 
SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the attacker does not have control over kind or degree. 2021-04-13 not yet calculated CVE-2021-27601
MISC
MISC
sap — netweaver_abap_server_and_abap_platform
 
In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration – Enterprise Service Repository JAVA Mappings), versions – 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends referring to this note. 2021-04-14 not yet calculated CVE-2021-27604
MISC
MISC
sap — netweaver_application_server
 
SAP NetWeaver Application Server Java(HTTP Service), versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled. 2021-04-13 not yet calculated CVE-2021-21492
MISC
MISC
sap — netweaver_application_server
 
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user. 2021-04-13 not yet calculated CVE-2021-21485
MISC
MISC
sap — netweaver_as_abap
 
An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions – 731, 740, 750, makes it possible to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes, thereby causing Denial of Service and affecting the Availability of the SAP system. 2021-04-13 not yet calculated CVE-2021-27603
MISC
MISC
sap — netweaver_master_data_management
 
SAP NetWeaver Master Data Management, versions – 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges leading to information disclosure vulnerability thereby affecting the confidentiality and integrity of the application. This happens when security guidelines and recommendations concerning administrative accounts of an SAP NetWeaver Master Data Management installation have not been thoroughly reviewed. 2021-04-13 not yet calculated CVE-2021-21482
MISC
MISC
sap — setup
 
An unquoted service path in SAPSetup, version – 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability. 2021-04-14 not yet calculated CVE-2021-27608
MISC
MISC
sap — solution_manager
 
Under certain conditions SAP Solution Manager, version – 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component thereby affecting the confidentiality in the application. 2021-04-13 not yet calculated CVE-2021-21483
MISC
MISC
scratchoauth2 — scratchoauth2
 
ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be user and gets login code from ScratchOAuth2. 4. 3rd party site gives code to user and instructs them to post it on their profile. 5. User posts code on their profile, not knowing it is a ScratchOAuth2 login code. 6. 3rd party site completes login with ScratchOAuth2. 7. 3rd party site has full access to anything the user could do if they directly logged in. See referenced GitHub security advisory for patch notes and workarounds. 2021-04-13 not yet calculated CVE-2021-29437
MISC
CONFIRM
shopxo — shopxo
 
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in “/index.php” by manipulating the parameter “user_id” in the HTML request. 2021-04-14 not yet calculated CVE-2020-19778
MISC
sickrage — sickrage In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information. 2021-04-12 not yet calculated CVE-2021-25925
MISC
MISC
sickrage — sickrage
 
In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user’s sessionID to masquerade as a victim user, to carry out any actions in the context of the user. 2021-04-12 not yet calculated CVE-2021-25926
MISC
MISC
siren — federate
 
Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is concurrent query execution by a low-privilege user and a high-privilege user. The former query might run with the latter query’s privileges. 2021-04-13 not yet calculated CVE-2021-28938
MISC
slab — quill
 
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. 2021-04-12 not yet calculated CVE-2021-3163
MISC
MISC
MISC
slic3r — libslic3r
 
An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. 2021-04-13 not yet calculated CVE-2020-28590
MISC
solarwinds — orion_platform_2020
 
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate their privileges from Guest to Administrator. Was ZDI-CAN-11903. 2021-04-14 not yet calculated CVE-2021-27258
MISC
sopel-channelmgnt — sopel-channelmgnt
 
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels, but due to the wonder that is IRC and following RFCs, we have no POC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1. 2021-04-09 not yet calculated CVE-2021-21431
MISC
CONFIRM
MISC
swiper — swiper
 
This affects the package swiper before 6.5.1. 2021-04-12 not yet calculated CVE-2021-23370
MISC
MISC
MISC
MISC
MISC
MISC
sydent — sydent
 
Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses. 2021-04-15 not yet calculated CVE-2021-29430
MISC
MISC
MISC
MISC
CONFIRM
MISC
sydent — sydent
 
Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP resources. 2021-04-15 not yet calculated CVE-2021-29431
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
sydent — sydent
 
Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d. 2021-04-15 not yet calculated CVE-2021-29432
MISC
MISC
CONFIRM
MISC
sydent — sydent
 
Impact: Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Patches: Fixed by 3175fd3. Workarounds: There are no known workarounds. References: n/a. For more information: If you have any questions or comments about this advisory, email us at security@matrix.org. 2021-04-15 not yet calculated CVE-2021-29433
CONFIRM
MISC
synapse — synapse Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0, missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory, leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. 2021-04-12 not yet calculated CVE-2021-21393
MISC
MISC
CONFIRM
MISC
synapse — synapse
 
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds. 2021-04-12 not yet calculated CVE-2021-21392
MISC
CONFIRM
MISC
synapse — synapse
 
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0, missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory, leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. 2021-04-12 not yet calculated CVE-2021-21394
MISC
MISC
CONFIRM
MISC
tencent — wechat This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-11907. 2021-04-14 not yet calculated CVE-2021-27247
MISC
tenda — g1_and_g3_routers
 
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted “action/portMappingIndex” request. This occurs because the “formDelPortMapping” function directly passes the parameter “portMappingIndex” to strcpy without limit. 2021-04-14 not yet calculated CVE-2021-27707
MISC
tenda — g1_and_g3_routers
 
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted “action/qosIndex” request. This occurs because the “formQOSRuleDel” function directly passes the parameter “qosIndex” to strcpy without limit. 2021-04-14 not yet calculated CVE-2021-27705
MISC
tenda — g1_and_g3_routers
 
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted “action/umountUSBPartition” request. This occurs because the “formSetUSBPartitionUmount” function executes the “doSystemCmd” function with untrusted input. 2021-04-16 not yet calculated CVE-2021-27692
MISC
tenda — g1_and_g3_routers
 
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted “action/IPMacBindIndex” request. This occurs because the “formIPMacBindDel” function directly passes the parameter “IPMacBindIndex” to strcpy without limit. 2021-04-14 not yet calculated CVE-2021-27706
MISC
tenda — go_routers
 
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN, and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the “formSetDebugCfg” function executes glibc’s system function with untrusted input. 2021-04-16 not yet calculated CVE-2021-27691
MISC
textpattern — textpattern
 
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. 2021-04-15 not yet calculated CVE-2021-30209
MISC
thanos — soft_cheetah_browser
 
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website. 2021-04-13 not yet calculated CVE-2021-29370
MISC
thrift — thrist
 
An invalid free in Thrift’s table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. 2021-04-14 not yet calculated CVE-2021-24028
CONFIRM
CONFIRM
tibal_systems — zenario_cms
 
Cross Site Scripting (XSS) in the “admin_boxes.ajax.php” component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the “cID” parameter when creating a new HTML component. 2021-04-15 not yet calculated CVE-2021-27673
MISC
tibal_systems — zenario_cms
 
SQL Injection in the “admin_boxes.ajax.php” component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the “cID” parameter when creating a new HTML component. 2021-04-15 not yet calculated CVE-2021-27672
MISC
tibco — multiple_products The Windows Installation component of TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Community Edition and TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Community Edition: versions 1.3.0 and below and TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Enterprise Edition: versions 1.3.0 and below. 2021-04-14 not yet calculated CVE-2021-28825
CONFIRM
CONFIRM
tibco — multiple_products
 
The Windows Installation component of TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Community Edition and TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Community Edition: versions 1.3.0 and below and TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Enterprise Edition: versions 1.3.0 and below. 2021-04-14 not yet calculated CVE-2021-28826
CONFIRM
CONFIRM
totlink — x5000r_router
 
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc’s system function with untrusted input. In the function, “ip” parameter is directly passed to the attacker, allowing them to control the “ip” field to attack the OS. 2021-04-14 not yet calculated CVE-2021-27710
MISC
MISC
totlink — x5000r_router
 
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc’s system function with untrusted input. In the function, “command” parameter is directly passed to the attacker, allowing them to control the “command” field to attack the OS. 2021-04-14 not yet calculated CVE-2021-27708
MISC
MISC
tp-link — archer
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-12306. 2021-04-14 not yet calculated CVE-2021-27246
MISC
tp-link — tl-wr802n
 
TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution. 2021-04-12 not yet calculated CVE-2021-29302
MISC
MISC
MISC
tp-link — wr2041_firmware
 
Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long “ssid” parameter to the “/userRpm/popupSiteSurveyRpm.html” webpage, which crashes the router. 2021-04-14 not yet calculated CVE-2021-26827
MISC
tp-link — multiple_devices
 
In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP’s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. 2021-04-12 not yet calculated CVE-2021-3125
MISC
MISC
MISC
MISC
MISC
MISC
trestle — trestle-auth
 
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails’ built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account credentials. The vulnerability has been fixed in trestle-auth 0.4.2 released to RubyGems. 2021-04-13 not yet calculated CVE-2021-29435
MISC
CONFIRM
MISC
tribalsystems — zenario
 
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library – delete` module. 2021-04-16 not yet calculated CVE-2021-26830
CONFIRM
tsmuxer — tsmuxer
 
Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file. 2021-04-14 not yet calculated CVE-2021-26805
MISC
valve_steam — valve_steam
 
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. 2021-04-10 not yet calculated CVE-2021-30481
MISC
MISC
MISC
MISC
wfilter — icf
 
Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system through its plugin-running function. 2021-04-15 not yet calculated CVE-2021-3243
MISC
wordpress — wordpress The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table. 2021-04-12 not yet calculated CVE-2021-24219
CONFIRM
MISC
wordpress — wordpress The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved. 2021-04-12 not yet calculated CVE-2021-24218
CONFIRM
MISC
wordpress — wordpress The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the ‘s’ GET parameter on the Donors page. 2021-04-12 not yet calculated CVE-2021-24213
MISC
CONFIRM
wordpress — wordpress The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE. 2021-04-12 not yet calculated CVE-2021-24224
MISC
CONFIRM
wordpress — wordpress Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file. This includes executable PHP files that contain malicious code. 2021-04-12 not yet calculated CVE-2021-24220
CONFIRM
MISC
wordpress — wordpress WordPress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled. 2021-04-15 not yet calculated CVE-2021-29447
CONFIRM
MISC
wordpress — wordpress The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in the page where the [formCadastro] is embedded. The form allows unauthenticated users to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE. 2021-04-12 not yet calculated CVE-2021-24222
MISC
CONFIRM
wordpress — wordpress
 
The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the “Seasons & Calendars” page before outputting it in an A tag, leading to a reflected XSS issue. 2021-04-12 not yet calculated CVE-2021-24225
MISC
CONFIRM
wordpress — wordpress
 
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution. 2021-04-12 not yet calculated CVE-2021-24217
CONFIRM
MISC
wordpress — wordpress
 
The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in the page where a Form from the plugin is embedded, as any file can be uploaded. The uploaded filename might be hard to guess as it’s generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial. 2021-04-12 not yet calculated CVE-2021-24223
MISC
CONFIRM
wordpress — wordpress
 
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. 2021-04-12 not yet calculated CVE-2021-24215
MISC
CONFIRM
wordpress — wordpress
 
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It’s strongly recommended that you keep auto-updates enabled to receive the fix. 2021-04-15 not yet calculated CVE-2021-29450
CONFIRM
MISC
wordpress — wordpress
 
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in posts or pages being author, such a user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embedded on a public page or post, then unauthenticated users could exploit the injection. 2021-04-12 not yet calculated CVE-2021-24221
MISC
CONFIRM
x2engine — x2crm
 
Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the “Comment” field in “/profile/activity” page. 2021-04-14 not yet calculated CVE-2021-27288
MISC
x2engine — x2engine
 
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the “First Name” and “Last Name” fields in the “/index.php/contacts/create” page. 2021-04-14 not yet calculated CVE-2020-21088
MISC
MISC
xerox — altalink
 
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled. 2021-04-13 not yet calculated CVE-2019-10881
MISC
yubico — yubihsm-connector
 
An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this. 2021-04-14 not yet calculated CVE-2021-28484
MISC
MISC
zoom — chat
 
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software. 2021-04-09 not yet calculated CVE-2021-30480
MISC
MISC
MISC
MISC
MISC
MISC
zte — multiple_products
 
Some ZTE products have a CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages. This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 2021-04-13 not yet calculated CVE-2021-21729
MISC
zte — zxclous_irai
 
A CSRF vulnerability exists in the management page of a ZTE product. The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04 2021-04-13 not yet calculated CVE-2021-21731
MISC
zte — zxhn_h168n A ZTE product is impacted by an improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks. This affects: ZXHN H168N V3.5.0_TY.T6 2021-04-13 not yet calculated CVE-2021-21730
MISC
zulip — server

 

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation. 2021-04-15 not yet calculated CVE-2021-30478
MISC
zulip — server

 

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to. 2021-04-15 not yet calculated CVE-2021-30477
MISC
zulip — server
 
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation. 2021-04-15 not yet calculated CVE-2021-30487
MISC
zulip — server
 
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization. 2021-04-15 not yet calculated CVE-2021-30479
MISC


Original release date: April 12, 2021

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — ipad_os An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. 2021-04-02 7.5 CVE-2021-1794
MISC
apple — ipad_os An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. 2021-04-02 7.5 CVE-2021-1796
MISC
apple — ipad_os A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2021-04-02 7.5 CVE-2021-1818
MISC
MISC
MISC
MISC
apple — ipad_os An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. 2021-04-02 7.5 CVE-2021-1795
MISC
apple — ipados A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. 2021-04-02 9.3 CVE-2020-9975
MISC
MISC
MISC
MISC
MISC
apple — ipados This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption. 2021-04-02 9.3 CVE-2021-1767
MISC
MISC
apple — ipados A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2021-04-02 9.3 CVE-2021-1763
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. 2021-04-02 9.3 CVE-2021-1758
MISC
MISC
MISC
MISC
apple — ipados Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. An application may be able to execute arbitrary code with kernel privileges. 2021-04-02 9.3 CVE-2021-1750
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory. 2021-04-02 7.1 CVE-2021-1791
MISC
MISC
MISC
MISC
apple — ipados Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. 2021-04-02 9.3 CVE-2020-9967
MISC
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 9.3 CVE-2021-1759
MISC
MISC
MISC
apple — mac_os_x A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. 2021-04-02 9.3 CVE-2020-27947
MISC
apple — mac_os_x A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. 2021-04-02 9.3 CVE-2020-27921
MISC
MISC
apple — mac_os_x A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. 2021-04-02 9.3 CVE-2020-27915
MISC
MISC
apple — mac_os_x A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. 2021-04-02 9.3 CVE-2020-27914
MISC
MISC
apple — mac_os_x A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges. 2021-04-02 9.3 CVE-2021-1779
MISC
apple — mac_os_x An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. 2021-04-02 9.3 CVE-2021-1805
MISC
apple — mac_os_x An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to execute arbitrary code with system privileges. 2021-04-02 9.3 CVE-2020-29612
MISC
apple — mac_os_x A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. 2021-04-02 7.6 CVE-2021-1806
MISC
apple — mac_os_x An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. 2021-04-02 9.3 CVE-2020-10015
MISC
MISC
apple — mac_os_x An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. 2021-04-02 9.3 CVE-2020-27897
MISC
MISC
apple — macos A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. 2021-04-02 9.3 CVE-2020-27907
MISC
MISC
apple — maos A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. 2021-04-02 9.3 CVE-2020-27941
MISC
cohesity — cohesity_dataplatform Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The SSH key can provide an attacker access to the Linux system in the affected version. 2021-04-02 7.5 CVE-2021-28123
CONFIRM
coreftp — core_ftp Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. 2021-04-05 7.5 CVE-2020-19596
MISC
deltaflow_project — deltaflow The Vangene deltaFlow E-platform does not take proper protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie. 2021-04-06 7.5 CVE-2021-28171
MISC
MISC
deltaflow_project — deltaflow The file upload function of Vangene deltaFlow E-platform does not perform access control properly. Remote attackers can upload and execute arbitrary files without login. 2021-04-06 7.5 CVE-2021-28173
MISC
MISC
dlink — dir-846_firmware HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. 2021-04-02 10 CVE-2020-27600
MISC
MISC
MISC
dlink — dir-878_firmware An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication. 2021-04-02 7.5 CVE-2021-30072
MISC
MISC
dmasoftlab — dma_radius_manager DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen. 2021-04-02 7.5 CVE-2021-29012
MISC
MISC
emlog — emlog Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module. 2021-04-02 7.5 CVE-2020-21585
MISC
MISC
htmldoc_project — htmldoc Integer overflow in htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. 2021-04-05 7.5 CVE-2021-20308
MISC
MISC
latrix_project — latrix An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution. 2021-04-02 7.5 CVE-2021-30000
MISC
MISC
libpano13_project — libpano13 Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to reading and writing arbitrary memory values. 2021-04-05 7.5 CVE-2021-20307
MISC
MISC
luvion — grand_elite_3_connect_firmware An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model. 2021-04-02 8.3 CVE-2020-11925
MISC
magpierss_project — magpierss Because of an incorrectly escaped exec command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add an extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php pages: if you send a specific https URL in the RSS URL field, you are able to execute arbitrary commands. 2021-04-02 7.5 CVE-2021-28940
MISC
MISC
nettle_project — nettle A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. 2021-04-05 7.5 CVE-2021-20305
MISC
ocproducts — composr Composr 10.0.36 allows upload and execution of PHP files. 2021-04-06 7.5 CVE-2021-30149
MISC
MISC
okta — access_gateway A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. 2021-04-02 9 CVE-2021-28113
CONFIRM
openiam — openiam OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. 2021-04-06 7.5 CVE-2020-13420
MISC
openiam — openiam OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions. 2021-04-06 7.5 CVE-2020-13421
MISC
posimyth — the_plus_addons_for_elementor The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active. 2021-04-05 7.5 CVE-2021-24175
MISC
CONFIRM
MISC
redmine — redmine Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. 2021-04-06 7.5 CVE-2021-30164
MISC
riot-os — riot RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function. 2021-04-06 7.5 CVE-2021-27697
MISC
riot-os — riot RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function. 2021-04-06 7.5 CVE-2021-27698
MISC
riot-os — riot RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. 2021-04-06 7.5 CVE-2021-27357
MISC
sannce — smart_hd_wifi_security_camera_ean_2_950004_595317_firmware An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically. 2021-04-02 7.8 CVE-2019-20463
MISC
sannce — smart_hd_wifi_security_camera_ean_2_950004_595317_firmware An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the “default” account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device. 2021-04-02 7.2 CVE-2019-20466
MISC


 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
algolplus — advanced_order_export This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. 2021-04-05 4.3 CVE-2021-24169
CONFIRM
apache — cxf CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a “request” parameter, the spec also supports specifying a URI from which to retrieve a JWT token via the “request_uri” parameter. CXF was not validating the “request_uri” parameter (apart from ensuring it uses “https”) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDoS attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10. 2021-04-02 5 CVE-2021-22696
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
apple — icloud An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption. 2021-04-02 6.8 CVE-2020-29617
MISC
MISC
MISC
MISC
MISC
apple — icloud An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption. 2021-04-02 6.8 CVE-2020-29619
MISC
MISC
MISC
MISC
MISC
apple — icloud An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-29618
MISC
MISC
MISC
MISC
MISC
apple — icloud A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. 2021-04-02 6.8 CVE-2020-9926
MISC
MISC
MISC
MISC
MISC
apple — icloud An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-29611
MISC
MISC
MISC
MISC
MISC
apple — icloud A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27933
MISC
MISC
MISC
MISC
MISC
apple — ipad_os An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27908
MISC
MISC
MISC
MISC
MISC
apple — ipad_os This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited. 2021-04-02 4.3 CVE-2021-1879
MISC
MISC
MISC
apple — ipad_os A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27944
MISC
MISC
MISC
MISC
apple — ipad_os A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27943
MISC
MISC
MISC
MISC
apple — ipad_os A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges. 2021-04-02 4.6 CVE-2020-27899
MISC
MISC
MISC
MISC
apple — ipad_os Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions. 2021-04-02 4.3 CVE-2020-27935
MISC
MISC
MISC
MISC
apple — ipados A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1789
FEDORA
FEDORA
MISC
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. 2021-04-02 6.8 CVE-2021-1792
MISC
MISC
MISC
MISC
apple — ipados A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain. 2021-04-02 4.3 CVE-2020-29613
MISC
apple — ipados A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1788
FEDORA
MISC
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1785
MISC
MISC
MISC
MISC
apple — ipados An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1783
MISC
MISC
MISC
MISC
apple — ipados This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1777
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1776
MISC
MISC
MISC
MISC
apple — ipados This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1774
MISC
MISC
MISC
MISC
apple — ipados A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. 2021-04-02 5 CVE-2021-1764
MISC
MISC
MISC
MISC
apple — ipados A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. 2021-04-02 6.9 CVE-2021-1782
MISC
MISC
MISC
MISC
apple — ipados A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A malicious application may be able to leak sensitive user information. 2021-04-02 4.3 CVE-2021-1781
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2021-04-02 6.8 CVE-2021-1768
MISC
MISC
apple — ipados An out-of-bounds read issue existed in curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. 2021-04-02 4.3 CVE-2021-1778
MISC
MISC
MISC
MISC
apple — ipados A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. 2021-04-02 4.3 CVE-2021-1773
MISC
MISC
MISC
MISC
apple — ipados This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. 2021-04-02 4.3 CVE-2021-1766
MISC
MISC
MISC
MISC
apple — ipados A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information. 2021-04-02 4.3 CVE-2021-1760
MISC
MISC
MISC
MISC
apple — ipados A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack. 2021-04-02 4.9 CVE-2021-1780
MISC
apple — ipados A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files. 2021-04-02 4.9 CVE-2021-1786
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges. 2021-04-02 4.6 CVE-2021-1757
MISC
MISC
MISC
MISC
apple — ipados Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges. 2021-04-02 4.6 CVE-2021-1787
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory. 2021-04-02 4.3 CVE-2020-29639
MISC
apple — ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service. 2021-04-02 4.3 CVE-2020-29615
MISC
MISC
MISC
MISC
apple — ipados An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory. 2021-04-02 4.3 CVE-2020-27946
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory. 2021-04-02 4.3 CVE-2020-29608
MISC
MISC
MISC
MISC
MISC
apple — ipados A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1772
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory. 2021-04-02 4.3 CVE-2020-29610
MISC
MISC
MISC
MISC
apple — ipados This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1754
MISC
MISC
MISC
MISC
apple — ipados A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges. 2021-04-02 6.8 CVE-2020-9971
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27948
MISC
MISC
MISC
MISC
apple — ipados This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation. 2021-04-02 6.8 CVE-2020-27951
MISC
MISC
MISC
MISC
apple — ipados This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted file may lead to heap corruption. 2021-04-02 6.8 CVE-2020-29614
MISC
MISC
MISC
MISC
apple — ipados A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-29624
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-9955
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-9956
MISC
MISC
MISC
MISC
MISC
apple — ipados A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution. 2021-04-02 6.8 CVE-2021-1748
MISC
MISC
MISC
apple — ipados A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-9962
MISC
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-9960
MISC
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1741
MISC
MISC
MISC
MISC
apple — ipados This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1742
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1743
MISC
MISC
MISC
MISC
apple — ipados This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1746
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing maliciously crafted web content may lead to code execution. 2021-04-02 6.8 CVE-2021-1747
MISC
MISC
MISC
MISC
apple — mac_os_x This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-29625
MISC
apple — mac_os_x A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to access private information. 2021-04-02 4.3 CVE-2020-27937
MISC
MISC
apple — mac_os_x An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1738
MISC
apple — mac_os_x A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content may lead to code execution. 2021-04-02 6.8 CVE-2020-27920
MISC
MISC
MISC
MISC
MISC
apple — mac_os_x This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. 2021-04-02 6.8 CVE-2020-29620
MISC
apple — mac_os_x A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27922
MISC
MISC
MISC
MISC
MISC
apple — mac_os_x A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-29616
MISC
apple — mac_os_x This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1775
MISC
apple — mac_os_x An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27952
MISC
MISC
apple — mac_os_x This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. 2021-04-02 4.3 CVE-2021-1765
FEDORA
FEDORA
MISC
apple — mac_os_x An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27945
MISC
MISC
apple — mac_os_x An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1736
MISC
apple — mac_os_x A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. 2021-04-02 4.6 CVE-2021-1751
MISC
apple — mac_os_x A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. 2021-04-02 6.8 CVE-2020-27938
MISC
MISC
apple — mac_os_x A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27931
MISC
MISC
MISC
MISC
MISC
apple — mac_os_x A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A local attacker may be able to elevate their privileges. 2021-04-02 4.6 CVE-2021-1802
MISC
apple — mac_os_x An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged network position may be able to bypass authentication policy. 2021-04-02 6.5 CVE-2020-29633
MISC
MISC
apple — mac_os_x An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A local user may be able to cause unexpected system termination or read kernel memory. 2021-04-02 6.6 CVE-2020-9930
MISC
apple — mac_os_x An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. 2021-04-02 6.6 CVE-2020-27936
MISC
apple — mac_os_x This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace. 2021-04-02 4.3 CVE-2020-27949
MISC
apple — mac_os_x An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27919
MISC
MISC
apple — mac_os_x An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1737
MISC
apple — mac_os_x An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. 2021-04-02 4.3 CVE-2020-10001
MISC
apple — mac_os_x An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27924
MISC
MISC
MISC
MISC
MISC
apple — mac_os_x An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27923
MISC
MISC
MISC
MISC
MISC
apple — macos A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1. A malicious application with root privileges may be able to access private information. 2021-04-02 4.3 CVE-2020-10008
MISC
apple — macos This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2020-27939
MISC
apple — macos A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. 2021-04-02 4.3 CVE-2020-27901
MISC
MISC
apple — macos The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A local application may be able to enumerate the user’s iCloud documents. 2021-04-02 4.3 CVE-2021-1803
MISC
apple — macos An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user’s screen. 2021-04-02 4 CVE-2020-27893
MISC
apple — macos_server An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. 2021-04-02 5.8 CVE-2020-9995
MISC
apple — safari A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-04-02 6.8 CVE-2021-1844
FEDORA
MISC
MISC
MISC
MISC
apple — xcode A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode. 2021-04-02 4.3 CVE-2021-1800
MISC
asus — z10pr-d16_firmware The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. 2021-04-06 4 CVE-2021-28175
CONFIRM
CONFIRM
CONFIRM
cohesity — cohesity_dataplatform A man-in-the-middle vulnerability exists in the Cohesity DataPlatform support channel in versions 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to man-in-the-middle (MITM) the support channel UI session to a Cohesity DataPlatform cluster. 2021-04-02 4.3 CVE-2021-28124
CONFIRM
contribsys — sidekiq Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. 2021-04-06 4.3 CVE-2021-30151
MISC
coreftp — core_ftp Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username. 2021-04-05 5 CVE-2020-19595
MISC
cozmoslabs — user_profile_picture The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information. 2021-04-05 5 CVE-2021-24170
CONFIRM
MISC
daifukuya — kagemai Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-04-07 4.3 CVE-2021-20685
MISC
daifukuya — kagemai Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2021-04-07 6.8 CVE-2021-20687
MISC
daifukuya — kagemai Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-04-07 4.3 CVE-2021-20686
MISC
database-backups_project — database-backups The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the database, changing the plugin’s settings and deleting backups. 2021-04-05 5.8 CVE-2021-24174
CONFIRM
dell — system_update Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application. 2021-04-02 4.9 CVE-2021-21529
MISC
dell — wyse_management_suite Wyse Management Suite versions up to 3.2 contain a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users who would normally have access to the same subset of job details. 2021-04-02 4 CVE-2021-21533
MISC
deltaflow_project — deltaflow There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can use this vulnerability to access credential data. 2021-04-06 5 CVE-2021-28172
MISC
MISC
dmasoftlab — dma_radius_manager DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php). 2021-04-02 4.3 CVE-2021-29011
MISC
MISC
docsifyjs — docsify docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the ” character. 2021-04-02 4.3 CVE-2021-30074
MISC
eng — knowage Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in ‘/knowagecockpitengine/api/1.0/pages/execute’ via the ‘SBI_HOST’ parameter. 2021-04-05 4.3 CVE-2021-30058
MISC
eng — knowage A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the ‘par_year’ parameter when running a report. 2021-04-05 6.5 CVE-2021-30055
MISC
expresstech — responsive_menu In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site. 2021-04-05 6.5 CVE-2021-24160
CONFIRM
MISC
expresstech — responsive_menu In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site. 2021-04-05 6.8 CVE-2021-24162
CONFIRM
MISC
expresstech — responsive_menu In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site. 2021-04-05 6.8 CVE-2021-24161
CONFIRM
MISC
froala — froala_editor Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. 2021-04-05 4.3 CVE-2021-30109
MISC
MISC
github — enterprise_server An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App’s web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program. 2021-04-02 4.3 CVE-2021-22865
MISC
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. 2021-04-02 4.3 CVE-2021-22200
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. 2021-04-02 5 CVE-2021-22203
CONFIRM
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. 2021-04-02 4.3 CVE-2021-22202
CONFIRM
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses a MR having source and target branch pointing to each other. 2021-04-02 4 CVE-2021-22197
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. 2021-04-02 4 CVE-2021-22198
CONFIRM
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. 2021-04-02 4 CVE-2021-22201
CONFIRM
MISC
MISC
glpi-project — dashboard The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. 2021-04-06 4 CVE-2021-30144
MISC
MISC
jamf — jamf Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. 2021-04-02 4.3 CVE-2021-30125
MISC
lightmeter — controlcenter Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query. 2021-04-02 6.4 CVE-2021-30126
MISC
magnolia-cms — magnolia_cms Magnolia CMS contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. 2021-04-02 4.3 CVE-2021-25894
MISC
MISC
MISC
magpierss_project — magpierss Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it’s possible to request any internal page if you use a https request. 2021-04-02 5 CVE-2021-28941
MISC
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party. 2021-04-06 5 CVE-2021-30158
MISC
DEBIAN
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. 2021-04-06 4.3 CVE-2021-30157
MISC
DEBIAN
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. 2021-04-06 4.3 CVE-2021-30154
MISC
DEBIAN
ninjaforms — ninja_forms In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection. 2021-04-05 4 CVE-2021-24164
CONFIRM
MISC
ninjaforms — ninja_forms The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. 2021-04-05 6.5 CVE-2021-24163
CONFIRM
MISC
ninjaforms — ninja_forms The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site’s OAuth connection. 2021-04-05 5.8 CVE-2021-24166
CONFIRM
MISC
ninjaforms — ninja_forms In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. 2021-04-05 5.8 CVE-2021-24165
CONFIRM
MISC
ocproducts — composr Composr 10.0.36 allows XSS in an XML script. 2021-04-06 4.3 CVE-2021-30150
MISC
MISC
openiam — openiam OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. 2021-04-06 5 CVE-2020-13419
MISC
openiam — openiam OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. 2021-04-06 4.3 CVE-2020-13418
MISC
openiam — openiam OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions. 2021-04-06 5.5 CVE-2020-13422
MISC
piwigo — piwigo SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages. 2021-04-02 6.5 CVE-2021-27973
MISC
pomerium — pomerium Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process 2021-04-02 5.8 CVE-2021-29652
CONFIRM
pomerium — pomerium Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). 2021-04-02 5.8 CVE-2021-29651
CONFIRM
redmine — redmine Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. 2021-04-06 5 CVE-2020-36308
MISC
redmine — redmine Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. 2021-04-06 5 CVE-2019-25026
MISC
redmine — redmine Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. 2021-04-06 5 CVE-2021-30163
MISC
redmine — redmine Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. 2021-04-06 4.3 CVE-2020-36307
MISC
redmine — redmine Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. 2021-04-06 4.3 CVE-2020-36306
MISC
rstudio — shiny_server Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. 2021-04-02 5 CVE-2021-3374
MISC
MISC
sannce — smart_hd_wifi_security_camera_ean_2_950004_595317_firmware An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating. 2021-04-02 5 CVE-2019-20464
MISC
sannce — smart_hd_wifi_security_camera_ean_2_950004_595317_firmware An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera’s pan/zoom/tilt functionality. 2021-04-02 5 CVE-2019-20465
MISC
serenityos — serenity SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file. 2021-04-06 6.8 CVE-2021-28874
MISC
MISC
MISC
serenityos — serenity SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_sequence() function. The attack vector is: Parsing RSA Key ASN.1. 2021-04-06 5 CVE-2021-27343
MISC
MISC
MISC
softing — opc_toolbox A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. 2021-04-02 6.8 CVE-2021-29660
MISC
svelte — svelte The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration. 2021-04-05 6.8 CVE-2021-29261
MISC
MISC
MISC
MISC
MISC
sygnoos — popup_builder The “All Subscribers” setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. 2021-04-05 4.3 CVE-2021-24152
CONFIRM
themeum — tutor_lms The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. 2021-04-05 4 CVE-2021-24181
CONFIRM
MISC
themeum — tutor_lms The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. 2021-04-05 4 CVE-2021-24182
CONFIRM
MISC
themeum — tutor_lms The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. 2021-04-05 4 CVE-2021-24183
CONFIRM
MISC
themeum — tutor_lms The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. 2021-04-05 4 CVE-2021-24185
CONFIRM
MISC
themeum — tutor_lms The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. 2021-04-05 4 CVE-2021-24186
CONFIRM
MISC
themeum — tutor_lms Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions. 2021-04-05 6.5 CVE-2021-24184
CONFIRM
MISC
unionpayintl — union_pay Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants’ websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. 2021-04-06 5 CVE-2020-23533
MISC
MISC
MISC
unionpayintl — union_pay Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants’ websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. 2021-04-06 5 CVE-2020-36284
MISC
MISC
MISC
unionpayintl — union_pay Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants’ websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. 2021-04-06 5 CVE-2020-36285
MISC
MISC
MISC
vim_project — vim VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. 2021-04-05 6.8 CVE-2021-28832
MISC
MISC
MISC
vm_backups_project — vm_backups The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user perform unwanted actions, such as update the plugin’s options, leading to a Stored Cross-Site Scripting issue. 2021-04-05 4.3 CVE-2021-24173
CONFIRM
vm_backups_project — vm_backups The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user perform unwanted actions, such as generate backups of the DB, plugins, and current . 2021-04-05 4.3 CVE-2021-24172
CONFIRM
w1.fi — hostapd In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. 2021-04-02 5 CVE-2021-30004
MISC
web-stat — web-stat When visiting a site running Web-Stat < 1.4.0, the “wts_web_stat_load_init” function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account. 2021-04-05 5 CVE-2021-24167
CONFIRM
wire — wire-webapp wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programmatically in version 2021-03-15-production.0. 2021-04-02 4.3 CVE-2021-21400
MISC
MISC
MISC
CONFIRM
wso2 — api_manager WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. 2021-04-05 4.3 CVE-2020-17453
MISC
MISC
MISC
wuzhicms — wuzhicms Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter. 2021-04-02 4 CVE-2020-21590
MISC
MISC
yomi-search_project — yomi-search Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-04-07 4.3 CVE-2021-20691
MISC
yomi-search_project — yomi-search Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-04-07 4.3 CVE-2021-20690
MISC
yomi-search_project — yomi-search Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-04-07 4.3 CVE-2021-20689
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — ipados A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. 2021-04-02 2.1 CVE-2021-1769
MISC
MISC
MISC
MISC
apple — ipados A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information. 2021-04-02 2.1 CVE-2021-1756
MISC
apple — ipados “Clear History and Website Data” did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. 2021-04-02 2.1 CVE-2020-29623
FEDORA
FEDORA
MISC
MISC
MISC
apple — ipados This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state. 2021-04-02 2.7 CVE-2020-9978
MISC
MISC
MISC
MISC
MISC
apple — mac_os_x This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences. 2021-04-02 2.1 CVE-2020-29621
MISC
apple — macos A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. 2021-04-02 2.1 CVE-2021-1755
MISC
clogica — seo_redirection The setting page of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin through 6.3 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute. 2021-04-05 3.5 CVE-2021-24187
CONFIRM
cm-wp — social_slider_widget The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized 2021-04-05 3.5 CVE-2021-24196
MISC
CONFIRM
coreftp — core_ftp Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial of service (crash) via a long string in the Setup->Users->Username editbox. 2021-04-02 2.1 CVE-2020-21588
MISC
MISC
easy_contact_form_pro_project — easy_contact_form_pro The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator. 2021-04-05 3.5 CVE-2021-24168
CONFIRM
elementor — website_builder In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. 2021-04-05 3.5 CVE-2021-24202
CONFIRM
MISC
elementor — website_builder In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. 2021-04-05 3.5 CVE-2021-24204
CONFIRM
MISC
elementor — website_builder In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. 2021-04-05 3.5 CVE-2021-24203
CONFIRM
MISC
elementor — website_builder In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. 2021-04-05 3.5 CVE-2021-24205
CONFIRM
MISC
elementor — website_builder In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. 2021-04-05 3.5 CVE-2021-24201
CONFIRM
MISC
elementor — website_builder In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. 2021-04-05 3.5 CVE-2021-24206
CONFIRM
MISC
eng — knowage Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the ‘EXEC_FROM’ parameter that can lead to data leakage. 2021-04-05 3.5 CVE-2021-30056
MISC
eng — knowage A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in “/restful-services/2.0/analyticalDrivers” via the ‘LABEL’ and ‘NAME’ parameters. 2021-04-05 3.5 CVE-2021-30057
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. 2021-04-02 3.5 CVE-2021-22196
CONFIRM
MISC
MISC
ibm — edge_application_manager IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441. 2021-04-05 3.5 CVE-2020-4792
XF
CONFIRM
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914 2021-04-05 3.5 CVE-2020-4997
XF
CONFIRM
jh_404_logger_project — jh_404_logger The JH 404 Logger WordPress plugin through 1.1 doesn’t sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. 2021-04-05 3.5 CVE-2021-24176
CONFIRM
linux — linux_kernel An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. 2021-04-02 2.1 CVE-2021-30002
MISC
MISC
MISC
magnolia-cms — magnolia_cms Magnolia CMS From 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. 2021-04-02 3.5 CVE-2021-25893
MISC
MISC
MISC
never5 — related_posts Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the ‘lang’ GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL. 2021-04-05 3.5 CVE-2021-24180
CONFIRM
nokia — g-120w-f_firmware An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. 2021-04-02 3.5 CVE-2021-30003
MISC
softing — opc_toolbox Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it. 2021-04-02 3.5 CVE-2021-29661
MISC
testimonial_rotator_project — testimonial_rotator Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation 2021-04-05 3.5 CVE-2021-24156
MISC
CONFIRM
themeisle — orbit_fox Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration. 2021-04-05 3.5 CVE-2021-24158
CONFIRM
MISC
themeisle — orbit_fox Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious. 2021-04-05 3.5 CVE-2021-24157
CONFIRM
MISC
webdesi9 — file_manager In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response. 2021-04-05 3.5 CVE-2021-24177
MISC
MISC
CONFIRM
wizconnected — a60_colors_firmware An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be used for mapping of SSIDs to physical locations.) 2021-04-02 3.3 CVE-2020-11922
MISC
wizconnected — colors_a60_firmware An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. 2021-04-02 2.1 CVE-2020-11924
MISC
wizconnected — wiz An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. 2021-04-02 2.1 CVE-2020-11923
MISC
yoast — yoast_seo A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found. 2021-04-05 3.5 CVE-2021-24153
MISC
MISC
CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
admin.php — online_book_store SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. 2021-04-09 not yet calculated CVE-2020-23763
MISC
MISC
apple — macos The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server’s certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected. 2021-04-06 not yet calculated CVE-2021-27899
CONFIRM
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2021-04-02 not yet calculated CVE-2021-1870
FEDORA
FEDORA
MISC
MISC
apple — multiple_products This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. 2021-04-02 not yet calculated CVE-2021-1801
FEDORA
FEDORA
MISC
MISC
MISC
MISC
apple — multiple_products A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. 2021-04-02 not yet calculated CVE-2021-1799
FEDORA
FEDORA
MISC
MISC
MISC
MISC
MISC
aprelium — abyss_web_server An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. A crafted HTTP request can lead to an out-of-bounds read that crashes the application. 2021-04-08 not yet calculated CVE-2021-3328
MISC
archive — archive Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archive. 2021-04-07 not yet calculated CVE-2021-20692
MISC
MISC
asus — bmc_firmware The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28189
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. 2021-04-06 not yet calculated CVE-2021-28207
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28187
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28185
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute arbitrary commands. 2021-04-06 not yet calculated CVE-2021-28204
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28183
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28198
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28181
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28179
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28178
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28177
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. 2021-04-06 not yet calculated CVE-2021-28206
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28200
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28201
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. 2021-04-06 not yet calculated CVE-2021-28208
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. 2021-04-06 not yet calculated CVE-2021-28209
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28202
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute arbitrary commands. 2021-04-06 not yet calculated CVE-2021-28203
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. 2021-04-06 not yet calculated CVE-2021-28205
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28199
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28197
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28186
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28176
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28182
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28184
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28196
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28188
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28190
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28191
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28192
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28193
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28194
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28195
CONFIRM
CONFIRM
CONFIRM
asus — bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. 2021-04-06 not yet calculated CVE-2021-28180
CONFIRM
CONFIRM
CONFIRM
asus — gputweak_ii
 
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl. 2021-04-08 not yet calculated CVE-2021-28685
MISC
MISC
asus — gputweak_ii
 
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl. 2021-04-08 not yet calculated CVE-2021-28686
MISC
MISC
atlassian — jira_server_and_jira_data_center
 
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. 2021-04-09 not yet calculated CVE-2020-36287
MISC
bixby — bixby
 
Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows an attacker to execute the actions registered by the user. 2021-04-09 not yet calculated CVE-2021-25380
CONFIRM
CONFIRM
cern — indico
 
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. 2021-04-07 not yet calculated CVE-2021-30185
MISC
MISC
cisco — advanced_malware_protection
 
A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system. To exploit this vulnerability, the attacker would need valid credentials on the system. The vulnerability is due to insufficient validation of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on an affected system. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges. 2021-04-08 not yet calculated CVE-2021-1386
CISCO
cisco — clam_antivirus
 
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. 2021-04-08 not yet calculated CVE-2021-1405
CISCO
cisco — clam_antivirus
 
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to hang, resulting in a denial of service condition. 2021-04-08 not yet calculated CVE-2021-1252
CISCO
cisco — clam_antivirus
 
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.0 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in a NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. 2021-04-08 not yet calculated CVE-2021-1404
CISCO
cisco — ios_xr_software
 
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to an affected command. A successful exploit could allow the attacker to execute commands on the underlying Linux OS with root privileges. 2021-04-08 not yet calculated CVE-2021-1485
CISCO
cisco — multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. 2021-04-08 not yet calculated CVE-2021-1415
CISCO
cisco — multiple_routers
 
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Cisco has not released software updates that address this vulnerability. 2021-04-08 not yet calculated CVE-2021-1459
CISCO
cisco — multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. 2021-04-08 not yet calculated CVE-2021-1414
CISCO
cisco — multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. 2021-04-08 not yet calculated CVE-2021-1413
CISCO
cisco — sd-wan
 
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. 2021-04-08 not yet calculated CVE-2021-1137
CISCO
cisco — sd-wan_vmanage_software
 
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. 2021-04-08 not yet calculated CVE-2021-1479
CISCO
cisco — sd-wan_vmanage_software
 
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. 2021-04-08 not yet calculated CVE-2021-1480
CISCO
cisco — small_business_rv_series_routers Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2021-04-08 not yet calculated CVE-2021-1308
CISCO
cisco — small_business_rv_series_routers
 
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2021-04-08 not yet calculated CVE-2021-1251
CISCO
cisco — small_business_rv_series_routers
 
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2021-04-08 not yet calculated CVE-2021-1309
CISCO
cisco — small_business_rv_series_routers
 
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-04-08 not yet calculated CVE-2021-1473
CISCO
cisco — small_business_rv_series_routers
 
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-04-08 not yet calculated CVE-2021-1472
CISCO
cisco — umbrella
 
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-04-08 not yet calculated CVE-2021-1475
CISCO
cisco — umbrella
 
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-04-08 not yet calculated CVE-2021-1474
CISCO
cisco — unified_communications_manager A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization. 2021-04-08 not yet calculated CVE-2021-1399
CISCO
cisco — unified_communications_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2021-04-08 not yet calculated CVE-2021-1380
CISCO
cisco — unified_communications_manager
 
A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device. 2021-04-08 not yet calculated CVE-2021-1362
CISCO
cisco — unified_intelligence_center_software
 
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2021-04-08 not yet calculated CVE-2021-1463
CISCO
cisco — unified_communications_manager Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2021-04-08 not yet calculated CVE-2021-1409
CISCO
cisco — unified_communications_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2021-04-08 not yet calculated CVE-2021-1408
CISCO
cisco — unified_communications_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2021-04-08 not yet calculated CVE-2021-1407
CISCO
cisco — unified_communications_manager
 
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges. 2021-04-08 not yet calculated CVE-2021-1406
CISCO
cisco — webex A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user’s browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. 2021-04-08 not yet calculated CVE-2021-1420
CISCO
cisco — webex
 
A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they are both participants. A successful exploit could allow the attacker to modify the avatar of the targeted user. 2021-04-08 not yet calculated CVE-2021-1467
CISCO
citsmart — citsmart
 
CITSmart before 9.1.2.28 mishandles the “filtro de autocomplete.” 2021-04-06 not yet calculated CVE-2021-28142
MISC
cloud_controller — cloud_controller
 
Cloud Controller API versions prior to 1.106.0 log service broker credentials if the default value of the db logging config field is changed. The CAPI database logs the service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller. 2021-04-08 not yet calculated CVE-2021-22115
MISC
d-link — dsl-320b-d1_devices
 
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-04-07 not yet calculated CVE-2021-26709
MISC
FULLDISC
MISC
MISC
directus — directus
 
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com). 2021-04-07 not yet calculated CVE-2021-29641
MISC
FULLDISC
MISC
MISC
MISC
discord — recon_server
 
Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server resulting in serious issues. This flaw is patched in 0.0.2. 2021-04-09 not yet calculated CVE-2021-21433
MISC
MISC
CONFIRM
django — django
 
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. 2021-04-06 not yet calculated CVE-2021-28658
MISC
MISC
MLIST
CONFIRM
dma — softlab_radius_manager
 
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. 2021-04-07 not yet calculated CVE-2021-30147
MISC
MISC
MISC
dnsmasque — dnsmasque
 
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. 2021-04-08 not yet calculated CVE-2021-3448
MISC
dolby — audio_x2
 
The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. 2021-04-08 not yet calculated CVE-2021-3146
MISC
dream_report — r20-1 A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. 2021-04-09 not yet calculated CVE-2020-13534
MISC
dream_report — r20-1
 
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. 2021-04-09 not yet calculated CVE-2020-13532
MISC
dream_report — r20-1
 
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. 2021-04-09 not yet calculated CVE-2020-13533
MISC
eclipse — mosquitto
 
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur. 2021-04-07 not yet calculated CVE-2021-28166
CONFIRM
erlang — erlang
 
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation’s directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with “erlsrv.exe” to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions. 2021-04-09 not yet calculated CVE-2021-29221
MISC
MISC
esri — acrgis_online A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI ArcGIS Online before 10.9 and Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab). 2021-04-08 not yet calculated CVE-2021-3012
MISC
exiv2 — exiv2
 
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. 2021-04-08 not yet calculated CVE-2021-3482
MISC
ffmpeg — ffmpeg
 
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. 2021-04-07 not yet calculated CVE-2021-30123
MISC
MISC
MISC
forcepoint — web_security_content_gateway
 
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. 2021-04-08 not yet calculated CVE-2020-6590
CONFIRM
freebsd — multiple_products
 
In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of “..” and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail. 2021-04-07 not yet calculated CVE-2020-25584
MISC
freebsd — multiple_products
 
In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free. 2021-04-07 not yet calculated CVE-2021-29627
MISC
freebsd — multiple_products
 
In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. 2021-04-07 not yet calculated CVE-2021-29626
MISC
friendica — friendica
 
** DISPUTED ** Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states “the feature still requires a valid authentication cookie even if the route is accessible to non-logged users.” 2021-04-05 not yet calculated CVE-2021-30141
MISC
MISC
gnome — gnome
 
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file’s parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. 2021-04-07 not yet calculated CVE-2020-36314
MISC
MISC
gnu — chess
 
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. 2021-04-07 not yet calculated CVE-2021-30184
MISC
MISC
google — chrome Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-04-09 not yet calculated CVE-2021-21197
MISC
MISC
google — chrome Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2021-04-09 not yet calculated CVE-2021-21198
MISC
MISC
google — chrome Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-04-09 not yet calculated CVE-2021-21196
MISC
MISC
google — chrome
 
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-04-09 not yet calculated CVE-2021-21195
MISC
MISC
google — chrome
 
Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-04-09 not yet calculated CVE-2021-21199
MISC
MISC
google — chrome
 
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-04-09 not yet calculated CVE-2021-21194
MISC
MISC
grav_admin_plugin — grav_admin_plugin
 
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successful exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround. 2021-04-07 not yet calculated CVE-2021-21425
CONFIRM
MISC
huawei — multiple_products
 
There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending a specific message to the affected product. Because the allocated memory is not released properly, a successful exploit may cause some services to become abnormal. Affected products include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500. 2021-04-08 not yet calculated CVE-2021-22312
MISC
ibm — webspehere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. 2021-04-08 not yet calculated CVE-2021-20480
XF
CONFIRM
ikuaios — build
 
iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. 2021-04-06 not yet calculated CVE-2021-28075
MISC
imb — spectrum_scale
 
IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478. 2021-04-09 not yet calculated CVE-2021-29671
XF
CONFIRM
jenkins — multiple_products
 
A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to promote builds. 2021-04-07 not yet calculated CVE-2021-21641
MLIST
CONFIRM
jenkins — multiple_products
 
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names. 2021-04-07 not yet calculated CVE-2021-21640
MLIST
CONFIRM
jenkins — multiple_products
 
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type. 2021-04-07 not yet calculated CVE-2021-21639
MLIST
CONFIRM
jsrsasign — jsrsasign
 
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack. 2021-04-07 not yet calculated CVE-2021-30246
MISC
MISC
MISC
larsens — calender
 
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the “titel” column on the “Eintrage hinzufugen” tab. 2021-04-09 not yet calculated CVE-2020-23762
MISC
MISC
learnsite — learnsite
 
Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained. 2021-04-08 not yet calculated CVE-2021-27522
MISC
lg — mobile_devices An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021). 2021-04-06 not yet calculated CVE-2021-30161
MISC
lg — mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021). 2021-04-06 not yet calculated CVE-2021-30162
MISC
libertro — retroarch
 
The text-to-speech engine in libretro RetroArch for Windows 0.11 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially crafted file and directory names. 2021-04-07 not yet calculated CVE-2021-28927
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. 2021-04-07 not yet calculated CVE-2020-36312
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52. 2021-04-07 not yet calculated CVE-2020-36310
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. 2021-04-07 not yet calculated CVE-2021-30178
MISC
linux — linux_kernel
 
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn’t use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. 2021-04-06 not yet calculated CVE-2021-28688
MISC
linux — linux_kernel
 
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. 2021-04-08 not yet calculated CVE-2021-29154
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. 2021-04-07 not yet calculated CVE-2020-36311
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c. 2021-04-07 not yet calculated CVE-2020-36313
MISC
MISC
liquidfiles — liquidfiles
 
LiquidFiles 3.4.15 has stored XSS through the “send email” functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. 2021-04-06 not yet calculated CVE-2021-30140
MISC
MISC
MISC
litespeed_technologies — openlitespeed_web_server
 
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. 2021-04-07 not yet calculated CVE-2021-26758
MISC
CONFIRM
EXPLOIT-DB
magazinerz — magazinerz
 
Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-04-07 not yet calculated CVE-2021-20684
MISC
manageengine — servicedesk_plus
 
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. 2021-04-09 not yet calculated CVE-2021-20080
MISC
mark_text — mark_text
 
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. 2021-04-05 not yet calculated CVE-2021-29996
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to “protect” a page, a user is currently able to protect to a higher level than they currently have permissions for. 2021-04-09 not yet calculated CVE-2021-30152
MISC
DEBIAN
mediawiki — mediawiki
 
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain “fast double move” situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it’s only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master. 2021-04-09 not yet calculated CVE-2021-30159
MISC
DEBIAN
mediawiki — mediawiki
 
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a “hidden” user exists. 2021-04-09 not yet calculated CVE-2021-30156
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page. 2021-04-09 not yet calculated CVE-2021-30155
MISC
DEBIAN
micro_focus — application_automation_tools_plugin Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin – Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks. 2021-04-08 not yet calculated CVE-2021-22513
MISC
micro_focus — application_automation_tools_plugin
 
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin – Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks. 2021-04-08 not yet calculated CVE-2021-22512
MISC
micro_focus — application_automation_tools_plugin
 
Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin – Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditionally disabling of SSL/TLS certificates. 2021-04-08 not yet calculated CVE-2021-22511
MISC
micro_focus — application_automation_tools_plugin
 
Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin – Jenkins plugin. The vulnerability affects all version 6.7 and earlier versions. 2021-04-08 not yet calculated CVE-2021-22510
MISC
micro_focus — operations_bridge_manager
 
Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authentication and get unauthorized access. 2021-04-08 not yet calculated CVE-2021-22507
MISC
mitake — mitake
 
Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain privileged permissions to access transaction records and conduct fraudulent trading without logging in. 2021-04-08 not yet calculated CVE-2021-28174
MISC
mongodb — compass
 
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows. 2021-04-06 not yet calculated CVE-2021-20334
MISC
mozilla — firefox
 
The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package. 2021-04-07 not yet calculated CVE-2013-1055
UBUNTU
UBUNTU
mozilla — firefox
 
The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely. 2021-04-07 not yet calculated CVE-2013-1054
UBUNTU
UBUNTU
nagios — network_analyzer SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/. 2021-04-08 not yet calculated CVE-2021-28925
MISC
MISC
nagios — network_analyzer
 
Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page. 2021-04-08 not yet calculated CVE-2021-28924
MISC
MISC
openresty — openresty
 
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. 2021-04-06 not yet calculated CVE-2020-36309
MISC
MISC
MISC
perl — perl
 
The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. 2021-04-06 not yet calculated CVE-2021-29424
MISC
FEDORA
FEDORA
FEDORA
MISC
php-nuke — php-nuke
 
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE. 2021-04-07 not yet calculated CVE-2021-30177
MISC
phpseclib — phpseclib
 
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. 2021-04-06 not yet calculated CVE-2021-30130
MISC
CONFIRM
CONFIRM
projen — projen
 
`projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typed definition written in JavaScript. Users of projen’s `NodeProject` project type (including any project type derived from it) include a `.github/workflows/rebuild-bot.yml` workflow that may allow any GitHub user to trigger execution of un-trusted code in the context of the “main” repository (as opposed to that of a fork). In some situations, such untrusted code may potentially be able to commit to the “main” repository. The rebuild-bot workflow is triggered by comments including `@projen rebuild` on pull-request to trigger a re-build of the projen project, and updating the pull request with the updated files. This workflow is triggered by an `issue_comment` event, and thus always executes with a `GITHUB_TOKEN` belonging to the repository into which the pull-request is made (this is in contrast with workflows triggered by `pull_request` events, which always execute with a `GITHUB_TOKEN` belonging to the repository from which the pull-request is made). Repositories that do not have branch protection configured on their default branch (typically `main` or `master`) could possibly allow an untrusted user to gain access to secrets configured on the repository (such as NPM tokens, etc). Branch protection prohibits this escalation, as the managed `GITHUB_TOKEN` would not be able to modify the contents of a protected branch and affected workflows must be defined on the default branch. 2021-04-06 not yet calculated CVE-2021-21423
MISC
CONFIRM
MISC
proofpoint — insider_threat_management_server The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file’s encryption key to successfully exploit. All versions before 7.11 are affected. 2021-04-06 not yet calculated CVE-2021-22158
CONFIRM
proofpoint — insider_threat_management_server
 
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected. 2021-04-06 not yet calculated CVE-2021-27900
CONFIRM
proofpoint — insider_threat_management_server
 
Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS. 2021-04-06 not yet calculated CVE-2021-22157
CONFIRM
qualcomm — multiple_snapdragon_products Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 2021-04-07 not yet calculated CVE-2020-11237
CONFIRM
qualcomm — multiple_snapdragon_products Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables 2021-04-07 not yet calculated CVE-2020-11255
CONFIRM
qualcomm — multiple_snapdragon_products Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-04-07 not yet calculated CVE-2020-11245
CONFIRM
qualcomm — multiple_snapdragon_products Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-04-07 not yet calculated CVE-2020-11247
CONFIRM
qualcomm — multiple_snapdragon_products Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-04-07 not yet calculated CVE-2020-11231
CONFIRM
qualcomm — multiple_snapdragon_products
 
Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking 2021-04-07 not yet calculated CVE-2021-1892
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-04-07 not yet calculated CVE-2020-11210
CONFIRM
qualcomm — multiple_snapdragon_products
 
User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile 2021-04-07 not yet calculated CVE-2020-11242
CONFIRM
qualcomm — multiple_snapdragon_products
 
RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 2021-04-07 not yet calculated CVE-2020-11243
CONFIRM
qualcomm — multiple_snapdragon_products
 
Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 2021-04-07 not yet calculated CVE-2020-11236
CONFIRM
qualcomm — multiple_snapdragon_products
 
Trustzone initialization code will disable xPUs when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-04-07 not yet calculated CVE-2020-11252
CONFIRM
qualcomm — multiple_snapdragon_products
 
Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-04-07 not yet calculated CVE-2020-11251
CONFIRM
qualcomm — multiple_snapdragon_products
 
When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-04-07 not yet calculated CVE-2020-11234
CONFIRM
qualcomm — multiple_snapdragon_products
 
A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-04-07 not yet calculated CVE-2020-11246
CONFIRM
qualcomm — multiple_snapdragon_products
 
Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-04-07 not yet calculated CVE-2020-11191
CONFIRM
ranker — ranker
 
Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-04-07 not yet calculated CVE-2021-20688
MISC
realtek — rtl8723de_ble_stack
 
An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message. 2021-04-08 not yet calculated CVE-2020-23539
MISC
red_hat — red-Hat
 
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager’s secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-04-08 not yet calculated CVE-2021-3413
MISC
relic — relic
 
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number. 2021-04-07 not yet calculated CVE-2020-36315
MISC
MISC
MISC
MISC
relic — relic
 
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present. 2021-04-07 not yet calculated CVE-2020-36316
MISC
MISC
MISC
MISC
rukovoditel — project_management_app An exploitable SQL injection vulnerability exists in the “global_lists/choices” page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. 2021-04-09 not yet calculated CVE-2020-13592
MISC
rukovoditel — project_management_app
 
An exploitable SQL injection vulnerability exists in the “forms_fields_rules/rules” page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. 2021-04-09 not yet calculated CVE-2020-13587
MISC
rukovoditel — project_management_app
 
An exploitable SQL injection vulnerability exists in the “access_rules/rules_form” page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. 2021-04-09 not yet calculated CVE-2020-13591
MISC
rust — id-map
 
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl. 2021-04-07 not yet calculated CVE-2021-30457
MISC
rust — id-map
 
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function. 2021-04-07 not yet calculated CVE-2021-30456
MISC
rust — id-map
 
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic. 2021-04-07 not yet calculated CVE-2021-30455
MISC
rust — outer_cgi
 
An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. A user-provided Read instance receives an uninitialized memory buffer from KeyValueReader. 2021-04-07 not yet calculated CVE-2021-30454
MISC
samsung — mobile An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files. 2021-04-09 not yet calculated CVE-2021-25362
CONFIRM
CONFIRM
samsung — mobile

 

An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files. 2021-04-09 not yet calculated CVE-2021-25363
CONFIRM
CONFIRM
samsung — mobile

 

Using a predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of other emails when users open the malicious attachment. 2021-04-09 not yet calculated CVE-2021-25375
CONFIRM
CONFIRM
samsung — mobile

 

An improper authorization vulnerability in Samsung Members “samsungrewards” scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access user data related to Samsung Account. 2021-04-09 not yet calculated CVE-2021-25374
CONFIRM
CONFIRM
samsung — mobile

 

Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. 2021-04-09 not yet calculated CVE-2021-25379
CONFIRM
CONFIRM
samsung — mobile

 

An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications. 2021-04-09 not yet calculated CVE-2021-25361
CONFIRM
CONFIRM
samsung — mobile

 

A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10.0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information. 2021-04-09 not yet calculated CVE-2021-25357
CONFIRM
CONFIRM
samsung — mobile

 

An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows an unprivileged application to install an arbitrary application, grant device admin permission and then delete several installed applications. 2021-04-09 not yet calculated CVE-2021-25356
CONFIRM
CONFIRM
samsung — mobile
 
An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation fails. 2021-04-09 not yet calculated CVE-2021-25376
CONFIRM
CONFIRM
samsung — mobile
 
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. 2021-04-09 not yet calculated CVE-2021-25373
CONFIRM
CONFIRM
samsung — mobile
 
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action. 2021-04-09 not yet calculated CVE-2021-25377
CONFIRM
CONFIRM
samsung — mobile
 
Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. 2021-04-09 not yet calculated CVE-2021-25378
CONFIRM
CONFIRM
samsung — mobile
 
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. 2021-04-09 not yet calculated CVE-2021-25364
CONFIRM
CONFIRM
samsung — mobile
 
An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd. 2021-04-09 not yet calculated CVE-2021-25365
CONFIRM
CONFIRM
samsung — mobile
 
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. 2021-04-09 not yet calculated CVE-2021-25381
CONFIRM
CONFIRM
samsung — mobile
 
An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. 2021-04-09 not yet calculated CVE-2021-25360
CONFIRM
CONFIRM
samsung — mobile
 
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications. 2021-04-09 not yet calculated CVE-2021-25359
CONFIRM
CONFIRM
samsung — mobile
 
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications. 2021-04-09 not yet calculated CVE-2021-25358
CONFIRM
CONFIRM
seafile — seafile
 
Seafile 7.0.5 (2019) allows Persistent XSS via the “share of library functionality.” 2021-04-06 not yet calculated CVE-2021-30146
MISC
serenityos — serenityos
 
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. 2021-04-06 not yet calculated CVE-2021-30045
MISC
MISC
MISC
skyworth_digital_technology — rn510
 
Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in /cgi-bin/test_version.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed. 2021-04-09 not yet calculated CVE-2021-25326
MISC
skyworth_digital_technology — rn510
 
Skyworth Digital Technology RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to the endpoint which can lead to a denial of service (DoS) or possible code execution on the device. 2021-04-09 not yet calculated CVE-2021-25328
MISC
skyworth_digital_technology — rn510
 
Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS). 2021-04-09 not yet calculated CVE-2021-25327
MISC
sonicwall — email_security
 
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. 2021-04-09 not yet calculated CVE-2021-20021
CONFIRM
sonicwall — email_security
 
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. 2021-04-09 not yet calculated CVE-2021-20022
CONFIRM
sonicwall — gms
 
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. 2021-04-10 not yet calculated CVE-2021-20020
CONFIRM
sopel-channelmgnt — sopel-channelmgnt
 
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RFCs, we have no PoC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1. 2021-04-09 not yet calculated CVE-2021-21431
MISC
CONFIRM
MISC
squirro — insights_engine
 
The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content. The attacker-supplied code can perform a wide variety of actions, such as stealing victims’ session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes. 2021-04-08 not yet calculated CVE-2021-27945
CONFIRM
subrion — cms_version
 
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the “payment gateway” column on transactions tab. 2021-04-09 not yet calculated CVE-2020-23761
MISC
MISC
syncthing — syncthing
 
Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it’s likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0. 2021-04-06 not yet calculated CVE-2021-21404
MISC
MISC
CONFIRM
MISC
teradici — pcoip_connection_manager_and_security_gateway
 
Sensitive smart card data is logged in default INFO logs by Teradici’s PCoIP Connection Manager and Security Gateway prior to version 21.01.3. 2021-04-06 not yet calculated CVE-2021-25692
MISC
timelybills — timelybills
 
Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows an attacker who can locally read the user’s files to obtain JWT tokens for the user’s account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens, as a JWT is signed and encoded, not encrypted. 2021-04-06 not yet calculated CVE-2021-26833
MISC
umoci — umoci
 
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when “umoci unpack” or “umoci raw unpack” is used. 2021-04-06 not yet calculated CVE-2021-29136
MISC
CONFIRM
CONFIRM
unibox — u-50_and_enterprise_series
 
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device. 2021-04-09 not yet calculated CVE-2020-21884
MISC
MISC
MISC
unibox — u-50_and_enterprise_series
 
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover. 2021-04-09 not yet calculated CVE-2020-21883
MISC
MISC
MISC
valve_steam — valve_steam
 
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. 2021-04-10 not yet calculated CVE-2021-30481
MISC
MISC
MISC
MISC
vela — vela
 
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc` file. Refer to the referenced GitHub Security Advisory for complete details. This is fixed in version 0.7.5. 2021-04-09 not yet calculated CVE-2021-21432
MISC
MISC
MISC
CONFIRM
MISC
vestacp — vestacp
 
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely. 2021-04-08 not yet calculated CVE-2021-30463
MISC
vestacp — vestacp
 
VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts. 2021-04-08 not yet calculated CVE-2021-30462
MISC
vigra — computer_vision_library
 
VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service. 2021-04-06 not yet calculated CVE-2021-30046
MISC
wcms — wcms Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. 2021-04-07 not yet calculated CVE-2020-24138
MISC
wcms — wcms Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute commands on local services. 2021-04-07 not yet calculated CVE-2020-24139
MISC
wcms — wcms Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php. 2021-04-07 not yet calculated CVE-2020-24137
MISC
wcms — wcms
 
Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php. 2021-04-07 not yet calculated CVE-2020-24136
MISC
wcms — wcms
 
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute commands on local services. 2021-04-07 not yet calculated CVE-2020-24140
MISC
wcms — wcms
 
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php. 2021-04-07 not yet calculated CVE-2020-24135
MISC
web-school_erp — web_school_erp A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and send the victim’s information to the attacker’s website. 2021-04-08 not yet calculated CVE-2021-30113
MISC
MISC
MISC
web-school_erp — web_school_erp
 
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege. 2021-04-08 not yet calculated CVE-2021-30112
MISC
MISC
MISC
web-school_erp — web_school_erp
 
A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed. 2021-04-08 not yet calculated CVE-2021-30111
MISC
MISC
MISC
web-school_erp — web_school_erp
 
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege. 2021-04-08 not yet calculated CVE-2021-30114
MISC
MISC
MISC
whatsapp — whatsapp
 
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material. 2021-04-06 not yet calculated CVE-2021-24027
CONFIRM
whatsapp — whatsapp
 
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write. 2021-04-06 not yet calculated CVE-2021-24026
CONFIRM
wikimedia — parsoid
 
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS. 2021-04-09 not yet calculated CVE-2021-30458
MISC
MISC
wordpress — wordpress The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request – it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action. 2021-04-05 not yet calculated CVE-2021-24208
CONFIRM
MISC
wordpress — wordpress By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts and pages – user roles must be specifically blocked from editing posts and pages. 2021-04-05 not yet calculated CVE-2021-24207
CONFIRM
MISC
wordpress — wordpress The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that, an attacker will be able to execute JavaScript code in the user’s browser. 2021-04-05 not yet calculated CVE-2021-24211
CONFIRM
wordpress — wordpress The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp. 2021-04-05 not yet calculated CVE-2021-24212
MISC
CONFIRM
wordpress — wordpress The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd. 2021-04-05 not yet calculated CVE-2021-24154
CONFIRM
wordpress — wordpress
 
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the PHP involved in the request only goes to whitelisted pages but it’s possible to redirect the victim to any domain. 2021-04-05 not yet calculated CVE-2021-24210
MISC
CONFIRM
wordpress — wordpress
 
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a “blocked” extension within another “blocked” extension in the “wcuf_file_name” parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the “wcuf_current_upload_session_id” parameter. 2021-04-05 not yet calculated CVE-2021-24171
CONFIRM
MISC
wordpress — wordpress
 
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript. 2021-04-05 not yet calculated CVE-2021-24159
CONFIRM
MISC
wordpress — wordpress
 
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. 2021-04-05 not yet calculated CVE-2021-24209
MISC
MISC
CONFIRM
wordpress — wordpress
 
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. 2021-04-05 not yet calculated CVE-2021-24155
CONFIRM
wordpress — wordpress
 
The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF). 2021-04-05 not yet calculated CVE-2021-24150
CONFIRM
xiaomi — ax1800_routers
 
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user’s backup files uses hard-coded keys, which can expose sensitive information such as a user’s password. 2021-04-08 not yet calculated CVE-2020-14099
MISC
xiaomi — ax3600_routers
 
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. 2021-04-08 not yet calculated CVE-2020-14104
MISC
xiaomi — mobile_phones
 
The application in the mobile phone can gain unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26. 2021-04-08 not yet calculated CVE-2020-14106
MISC
xiaomi — mobile_phones
 
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. 2021-04-08 not yet calculated CVE-2020-14103
MISC
zoom — zoom
 
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software. 2021-04-09 not yet calculated CVE-2021-30480
MISC
MISC
MISC
MISC
MISC
MISC
zte — zxa10_c300m A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8. 2021-04-09 not yet calculated CVE-2021-21728
MISC
zzcms — zzcms
 
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. 2021-04-08 not yet calculated CVE-2020-23426
MISC

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: April 5, 2021

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
arubanetworks — instant A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 10 CVE-2019-5319
MISC
arubanetworks — instant A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-29 9 CVE-2021-25144
MISC
arubanetworks — instant A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 7.5 CVE-2021-25149
MISC
arubanetworks — instant A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-29 10 CVE-2020-24636
MISC
arubanetworks — instant A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 8.5 CVE-2021-25159
MISC
arubanetworks — instant A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 8.5 CVE-2021-25155
MISC
arubanetworks — instant A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 8.5 CVE-2021-25148
MISC
arubanetworks — instant A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 9 CVE-2021-25150
MISC
arubanetworks — instant A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 9 CVE-2021-25146
MISC
arubanetworks — instant A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 9.3 CVE-2021-25162
MISC
arubanetworks — instant A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-29 9 CVE-2020-24635
MISC
askey — rtf3505vw-n1_br_sv_g000_r3505vwn1001_s32_7_firmware Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. 2021-03-26 8.3 CVE-2020-28695
MISC
basercms — basercms baserCMS versions prior to 4.4.5 allow a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. 2021-03-26 9 CVE-2021-20682
MISC
MISC
buddypress — buddypress BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it’s possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue. 2021-03-26 9 CVE-2021-21389
MISC
MISC
CONFIRM
ca — ehealth_performance_manager ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-03-26 7.2 CVE-2021-28249
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped. 2021-03-26 7.2 CVE-2020-7467
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow. 2021-03-29 10 CVE-2020-25577
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label’s length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer. 2021-03-29 10 CVE-2020-25583
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes. 2021-03-26 8.5 CVE-2020-25581
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges. 2021-03-26 9 CVE-2020-7468
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. 2021-03-26 8.5 CVE-2020-25582
MISC
freebsd — freebsd In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119, resulting in a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. 2021-03-26 7.5 CVE-2020-7461
MISC
gitjacker_project — gitjacker gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal. 2021-03-29 7.5 CVE-2021-29417
MISC
MISC
MISC
google — android A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers to load arbitrary ELF libraries inside DSP. 2021-03-26 7.2 CVE-2021-25371
MISC
CONFIRM
google — android An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. 2021-03-26 7.2 CVE-2021-25372
MISC
CONFIRM
grandstream — grp2612_firmware Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Authentication Bypass in its administrative web interface. 2021-03-29 10 CVE-2020-25218
MISC
grandstream — grp2612_firmware Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface. 2021-03-29 9 CVE-2020-25217
MISC
gridx_project — gridx Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter. 2021-03-26 7.5 CVE-2020-19625
MISC
MISC
kongchuanhujiao_project — kongchuanhujiao In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21. 2021-03-26 7.5 CVE-2021-21403
MISC
CONFIRM
linux — linux_kernel An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0. 2021-03-26 7.2 CVE-2021-29266
MISC
MISC
mitel — micontact_center_enterprise The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal. 2021-03-29 7.5 CVE-2021-26714
CONFIRM
mongo-express_project — mongo-express mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769. 2021-03-30 7.5 CVE-2020-24391
MISC
MISC
netgear — d6220_firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851. 2021-03-29 8.3 CVE-2021-27239
N/A
N/A
netgear — prosafe_network_management_system This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124. 2021-03-29 10 CVE-2021-27274
MISC
MISC
netgear — prosafe_network_management_system This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. When parsing the fileName parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12121. 2021-03-29 9 CVE-2021-27273
MISC
MISC
netgear — prosafe_network_management_system This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ReportTemplateController class. When parsing the path parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12123. 2021-03-29 7.5 CVE-2021-27272
MISC
MISC
salesforce — mule MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021. 2021-03-26 7.5 CVE-2021-1626
MISC
salesforce — mule MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x, 3.9.x, 4.x runtime released before February 2, 2021. 2021-03-26 7.5 CVE-2021-1627
MISC
salesforce — mule MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021. 2021-03-26 7.5 CVE-2021-1628
MISC
simple_college_project — simple_college A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel. 2021-03-31 7.5 CVE-2020-28172
MISC
MISC
MISC
MISC
solarwinds — patch_manager This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DataGridService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. Was ZDI-CAN-12009. 2021-03-29 7.2 CVE-2021-27240
N/A
tp-link — archer_a7_firmware This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309. 2021-03-29 9.3 CVE-2021-27245
N/A
underscorejs — underscore The package underscore from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument, as it is not sanitized. 2021-03-29 7.5 CVE-2021-23358
MISC
MLIST
MISC
MISC
MISC
MISC
DEBIAN
upx_project — upx A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability. 2021-03-26 8.3 CVE-2021-20285
MISC
MISC
xerox — altalink_b8045_firmware Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities. 2021-03-29 7.5 CVE-2021-28668
CONFIRM
zte — zxhn_f623_firmware A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects: ZXHN F623, all versions up to V6.0.0P3T33. 2021-03-29 7.8 CVE-2021-21727
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
@thi.ng/egf_project — @thi.ng/egf Potential for arbitrary code execution in npm package @thi.ng/egf `#gpg`-tagged property values (only if `decrypt: true` option is enabled). PR with patch has been submitted and has been released as of v0.4.0. By default the EGF parse functions do NOT attempt to decrypt values (since GPG is only available in non-browser env). However, if GPG encrypted values are used/required: 1. Perform a regex search for `#gpg`-tagged values in the EGF source file/string and check for backtick (`) chars in the encrypted value string. 2. Replace/remove them or skip parsing if present. 2021-03-30 6.5 CVE-2021-21412
MISC
MISC
CONFIRM
MISC
accusoft — imagegear An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2021-03-31 6.8 CVE-2021-21782
MISC
acexy — wireless-n_wifi_repeater_firmware The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous authentication is required. 2021-03-29 5 CVE-2021-28936
MISC
MISC
MISC
acexy — wireless-n_wifi_repeater_firmware The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP. 2021-03-29 5 CVE-2021-28937
MISC
MISC
algolplus — advanced_order_export Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. 2021-03-31 4.3 CVE-2021-27349
MISC
apache — druid Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2. 2021-03-30 6.5 CVE-2021-26919
MLIST
MISC
MLIST
MLIST
apache — tika A carefully crafted or corrupt file may trigger an infinite loop in Tika’s MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. 2021-03-31 4.3 CVE-2021-28657
MISC
arubanetworks — instant A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 4.3 CVE-2021-25161
MISC
arubanetworks — instant A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 4 CVE-2021-25160
MISC
arubanetworks — instant A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 4 CVE-2021-25157
MISC
arubanetworks — instant A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 4 CVE-2021-25156
MISC
arubanetworks — instant A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-29 4.6 CVE-2019-5317
MISC
arubanetworks — instant A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-29 5 CVE-2021-25143
MISC
arubanetworks — instant A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 2021-03-30 4.3 CVE-2021-25158
MISC
braces_project — braces A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. 2021-03-30 5 CVE-2018-1109
MISC
MISC
btcpayserver — btcpay_server BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. 2021-03-26 5 CVE-2021-29249
MISC
MISC
ca — ehealth ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-03-26 5 CVE-2021-28248
MISC
ca — ehealth ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-03-26 4.4 CVE-2021-28246
MISC
ca — ehealth_performance_manager ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-03-26 4.6 CVE-2021-28250
MISC
cncf — container_network_interface An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the ‘type’ field in the network configuration, it is possible to use special elements such as “../” separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as ‘reboot’. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2021-03-26 6.5 CVE-2021-20206
MISC
MISC
douzone — nbbdownloader.ocx NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. 2021-03-29 6.8 CVE-2020-7850
MISC
MISC
endian_trait_project — endian_trait An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics. 2021-04-01 5 CVE-2021-29929
MISC
eterna — ircii ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message. 2021-03-30 5 CVE-2021-29376
MISC
MLIST
MISC
ffmpeg — ffmpeg Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). 2021-03-30 4.6 CVE-2020-24995
MISC
MISC
MISC
MISC
foxitsoftware — foxit_reader This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12270. 2021-03-30 4.3 CVE-2021-27262
MISC
MISC
foxitsoftware — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12295. 2021-03-30 6.8 CVE-2021-27268
MISC
MISC
foxitsoftware — foxit_reader This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12292. 2021-03-30 4.3 CVE-2021-27265
MISC
MISC
foxitsoftware — foxit_reader This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12291. 2021-03-30 4.3 CVE-2021-27264
MISC
MISC
foxitsoftware — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438. 2021-03-30 6.8 CVE-2021-27271
MISC
MISC
foxitsoftware — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12230. 2021-03-30 6.8 CVE-2021-27270
MISC
MISC
foxitsoftware — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12390. 2021-03-30 6.8 CVE-2021-27269
MISC
MISC
foxitsoftware — foxit_reader This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12293. 2021-03-30 4.3 CVE-2021-27266
MISC
MISC
foxitsoftware — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12269. 2021-03-30 6.8 CVE-2021-27261
MISC
MISC
foxitsoftware — foxit_reader This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12290. 2021-03-30 4.3 CVE-2021-27263
MISC
MISC
foxitsoftware — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12294. 2021-03-30 6.8 CVE-2021-27267
MISC
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. 2021-03-26 5 CVE-2020-25578
MISC
freebsd — freebsd In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. 2021-03-26 4.9 CVE-2020-7463
MISC
freebsd — freebsd In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. 2021-03-26 4.9 CVE-2020-7462
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. 2021-03-26 5 CVE-2020-25580
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. 2021-03-26 5 CVE-2020-25579
MISC
freebsd — freebsd In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs. 2021-03-26 5 CVE-2020-7464
MISC
gistpad_project — gistpad GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens. 2021-03-30 5 CVE-2021-29642
MISC
MISC
gitlab — gitlab Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page. 2021-03-26 4 CVE-2021-22172
CONFIRM
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages. 2021-03-26 4 CVE-2021-22180
CONFIRM
MISC
MISC
gnu — binutils A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. 2021-03-26 4.3 CVE-2021-20284
MISC
MISC
gnu — tar A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. 2021-03-26 4.3 CVE-2021-20193
MISC
MISC
MISC
google — android An incorrect implementation of file descriptor handling in the dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to a kernel panic. 2021-03-26 4.9 CVE-2021-25370
MISC
CONFIRM
ibm — cloud_pak_for_automation IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504. 2021-03-30 5.5 CVE-2021-20482
XF
CONFIRM
ibm — engineering_insights IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059. 2021-03-30 5.5 CVE-2021-20502
XF
CONFIRM
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293. 2021-03-30 5.5 CVE-2020-4848
XF
CONFIRM
ilch — ilch_cms An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker’s site after a successful login. 2021-03-29 4.9 CVE-2021-27352
MISC
MISC
MISC
imagemagick — imagemagick A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45. 2021-03-26 4.3 CVE-2020-27829
MISC
MISC
insma — wifi_mini_spy_1080p_hd_security_ip_camera_firmware An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the ‘recdata.db’ file to call a specially crafted GoAhead ASP-file on the SD card. 2021-03-30 4.6 CVE-2020-19642
MISC
insma — wifi_mini_spy_1080p_hd_security_ip_camera_firmware Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the “goform/formSetFtpCfg” settings page. 2021-03-30 4.3 CVE-2020-19643
MISC
insma — wifi_mini_spy_1080p_hd_security_ip_camera_firmware Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI. 2021-03-30 6.8 CVE-2020-19639
MISC
insma — wifi_mini_spy_1080p_hd_security_ip_camera_firmware An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to ‘/media/?action=cmd’. 2021-03-30 5 CVE-2020-19640
MISC
insma — wifi_mini_spy_1080p_hd_security_ip_camera_firmware An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the “Operator” Privilege can gain admin privileges via a crafted request to ‘/goform/formUserMng’. 2021-03-30 6.5 CVE-2020-19641
MISC
is-my-json-valid_project — is-my-json-valid It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated. 2021-03-30 5 CVE-2018-1107
MISC
MISC
jenkins — build_with_parameters A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. 2021-03-30 6.8 CVE-2021-21629
MLIST
CONFIRM
jenkins — cloud_statistics Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages. 2021-03-30 4 CVE-2021-21631
MLIST
CONFIRM
jenkins — jabber_\(xmpp\)_notifier_and_control Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2021-03-30 4 CVE-2021-21634
MLIST
CONFIRM
jenkins — owasp_dependency-track A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. 2021-03-30 6.8 CVE-2021-21633
MLIST
CONFIRM
jenkins — owasp_dependency-track A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. 2021-03-30 4 CVE-2021-21632
MLIST
CONFIRM
jenkins — team_foundation_server A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2021-03-30 6.8 CVE-2021-21638
MLIST
CONFIRM
kill-by-port_project — kill-by-port This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. 2021-03-30 6.5 CVE-2021-23363
CONFIRM
CONFIRM
CONFIRM
librit — passhport app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization. 2021-03-26 4 CVE-2021-3027
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. 2021-03-26 4.7 CVE-2021-29264
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. 2021-03-26 4.7 CVE-2021-29265
MISC
MISC
linux — linux_kernel A flaw involving a possible race condition and incorrect initialization of the process ID was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. 2021-03-26 4.4 CVE-2020-35508
MISC
MISC
matrix — synapse Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0. 2021-03-26 4.3 CVE-2021-21332
MISC
MISC
MISC
CONFIRM
mcafee — epolicy_orchestrator Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user. 2021-03-26 4.9 CVE-2021-23888
CONFIRM
mcafee — epolicy_orchestrator Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server. This can only happen when the ePO Agent Handler is installed in a Demilitarized Zone (DMZ) to service machines not connected to the network through a VPN. 2021-03-26 5.8 CVE-2021-23890
CONFIRM
microco — bluemonday bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the “script” string. 2021-03-27 4.3 CVE-2021-29272
MISC
MISC
microfocus — access_manager Cross-site scripting vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause configuration destruction. 2021-03-26 4.3 CVE-2020-25840
MISC
microfocus — access_manager Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. 2021-03-26 5 CVE-2021-22506
MISC
mobileiron — mobile\@work The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the com/mobileiron/common/utils/C4928m.java file. 2021-03-29 5 CVE-2020-35138
MISC
MISC
MISC
mobileiron — mobile\@work The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. 2021-03-29 4.3 CVE-2020-35137
MISC
MISC
MISC
netgear — prosafe_network_management_system This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ConfigFileController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-12125. 2021-03-29 6.5 CVE-2021-27275
MISC
MISC
netgear — prosafe_network_management_system This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MibController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12122. 2021-03-29 5.5 CVE-2021-27276
MISC
MISC
nic — knot_resolver A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service. 2021-03-30 5 CVE-2018-1110
MISC
MISC
nim-lang — nim Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution. 2021-03-26 6.8 CVE-2021-21372
MISC
MISC
MISC
CONFIRM
nim-lang — nim Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, “nimble refresh” fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used, the attack escalates to untrusted code execution. 2021-03-26 6.8 CVE-2021-21374
MISC
MISC
MISC
CONFIRM
nim-lang — nim Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, “nimble refresh” fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used, the attack escalates to untrusted code execution. 2021-03-26 4.3 CVE-2021-21373
MISC
MISC
CONFIRM
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-11924. 2021-03-29 4.6 CVE-2021-27243
N/A
N/A
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926. 2021-03-29 4.6 CVE-2021-27242
N/A
N/A
portprocesses_project — portprocesses This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. 2021-03-31 6.5 CVE-2021-23348
MISC
MISC
MISC
MISC
redhat — 389_directory_server When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. 2021-03-26 5 CVE-2020-35518
MISC
MISC
MISC
MISC
redhat — resteasy A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method’s parameter value. The highest threat from this vulnerability is to data confidentiality. 2021-03-26 5 CVE-2021-20289
MISC
redmine — redmine Redmine 4.1.x before 4.1.2 allows XSS because an issue’s subject is mishandled in the auto complete tip. 2021-03-29 4.3 CVE-2021-29274
MISC
MISC
remark42 — remark42 remark42 before 1.6.1 allows XSS, as demonstrated by “Locator: Locator{URL:” followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go. 2021-03-27 4.3 CVE-2021-29271
MISC
MISC
rocket.chat — rocket.chat Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app. 2021-03-26 4.3 CVE-2021-22886
MISC
MISC
MISC