Vulnerability Summary for the Week of March 1, 2021

Released
Mar 08, 2021
Document ID
SB21-067

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
accellion -- ftaAccellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.2021-03-027.5CVE-2021-27730
MISC
apache -- tomcatThe fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.2021-03-017.5CVE-2021-25329
MLIST
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
bam_project -- bamAn issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.2021-03-057.5CVE-2021-28027
MISC
bittacora -- bpanelIn bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.2021-03-027.5CVE-2020-28657
MISC
byte_struct_project -- byte_structAn issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics.2021-03-057.5CVE-2021-28033
MISC
doctor_appointment_system_project -- doctor_appointment_systemSQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.2021-03-057.5CVE-2021-27314
MISC
eprints -- eprintsEPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.2021-03-017.5CVE-2021-26703
CONFIRM
CONFIRM
MISC
eprints -- eprintsEPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.2021-03-017.5CVE-2021-26476
CONFIRM
MISC
fireblink -- object-colliderPrototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution.2021-03-017.5CVE-2021-25914
MISC
MISC
google -- androidIn performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05466547.2021-02-267.2CVE-2021-0405
MISC
google -- androidIn jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311.2021-02-267.2CVE-2021-0402
MISC
google -- androidIn cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05471418.2021-02-267.2CVE-2021-0406
MISC
internment_project -- internmentAn issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>.2021-03-057.5CVE-2021-28037
MISC
isida -- retrieverLMA ISIDA Retriever 5.2 allows SQL Injection.2021-02-267.5CVE-2021-26904
MISC
MISC
jpeg -- jpeg_xlJPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.2021-03-027.5CVE-2021-27804
MISC
FULLDISC
MISC
MISC
onlyoffice -- document_serverAn improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server.2021-03-017.8CVE-2021-25829
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
qcubed -- qcubedA SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.2021-03-047.5CVE-2020-24913
MISC
MISC
MISC
saltstack -- saltAn issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.2021-02-277.5CVE-2021-3148
MISC
FEDORA
FEDORA
CONFIRM
saltstack -- saltAn issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.2021-02-277.5CVE-2021-25283
MISC
FEDORA
FEDORA
CONFIRM
saltstack -- saltAn issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.2021-02-277.5CVE-2021-25281
MISC
FEDORA
FEDORA
CONFIRM
MISC
saltstack -- saltAn issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.2021-02-277.5CVE-2021-3197
MISC
FEDORA
FEDORA
CONFIRM
saltstack -- saltIn SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)2021-02-277.5CVE-2021-3144
MISC
FEDORA
FEDORA
CONFIRM
scratchpad_project -- scratchpadAn issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function.2021-03-057.5CVE-2021-28031
MISC
scytl -- secure_voteAn issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation.2021-02-277.5CVE-2019-25022
MISC
sercomm -- agcombo_vd625_firmwareSerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.2021-02-277.5CVE-2021-27132
MISC
MISC
stack_dst_project -- stack_dstAn issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic.2021-03-057.5CVE-2021-28034
MISC
stack_dst_project -- stack_dstAn issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic.2021-03-057.5CVE-2021-28035
MISC
toodee_project -- toodeeAn issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic.2021-03-057.5CVE-2021-28028
MISC
totaljs -- total.jsThe package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.2021-03-047.5CVE-2021-23344
MISC
MISC
visualware -- myconnection_serverAn issue was discovered in Visualware MyConnection Server through 11.0b build 5382. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system.2021-02-2610CVE-2021-27198
MISC
MISC
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
abb -- pm554_firmwareThe vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.2021-02-265CVE-2020-24686
CONFIRM
accellion -- ftaAccellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.2021-03-024.3CVE-2021-27731
MISC
aiohttp_project -- aiohttpaiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.2021-02-265.8CVE-2021-21330
MISC
MISC
CONFIRM
FEDORA
MISC
DEBIAN
apache -- tomcatWhen responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.2021-03-015CVE-2021-25122
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
atlassian -- crowdThe ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.2021-03-015CVE-2020-36240
MISC
bestit -- amazon_paybest it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor.2021-02-266.4CVE-2020-28199
MISC
MISC
courier_management_system_project -- courier_management_systemCourier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '.2021-03-044CVE-2020-35329
MISC
dataiku -- data_science_studioIn Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.2021-03-015.5CVE-2021-27225
CONFIRM
MISC
eclipse -- jettyIn Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.2021-02-265CVE-2020-27223
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
MLIST
MLIST
eprints -- eprintsEPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI.2021-03-016.8CVE-2021-3342
CONFIRM
CONFIRM
MISC
eprints -- eprintsEPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.2021-03-014.3CVE-2021-26475
CONFIRM
MISC
eprints -- eprintsEPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.2021-03-014.3CVE-2021-26702
CONFIRM
MISC
eprints -- eprintsEPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.2021-03-016.5CVE-2021-26704
CONFIRM
CONFIRM
MISC
google -- androidIn vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085.2021-02-266.9CVE-2021-0367
MISC
google -- androidIn vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265.2021-02-266.9CVE-2021-0401
MISC
google -- androidIn vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093.2021-02-266.9CVE-2021-0366
MISC
isida -- retrieverLMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text'].2021-02-264.3CVE-2021-26903
MISC
MISC
joomla -- joomla\!An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.2021-03-045CVE-2021-23126
MISC
joomla -- joomla\!An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.2021-03-045CVE-2021-23131
MISC
joomla -- joomla\!An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads2021-03-045CVE-2021-23132
MISC
joomla -- joomla\!An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues.2021-03-044.3CVE-2021-23130
MISC
joomla -- joomla\!An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues.2021-03-044.3CVE-2021-23129
MISC
joomla -- joomla\!An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.2021-03-046.4CVE-2021-23128
MISC
joomla -- joomla\!An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.2021-03-046.4CVE-2021-23127
MISC
kaspersky -- endpoint_securityA component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.2021-02-264.6CVE-2020-26200
MISC
MISC
matrix -- synapseSynapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.2021-02-264.3CVE-2021-21274
MISC
MISC
MISC
CONFIRM
matrix -- synapseSynapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary.2021-02-265.8CVE-2021-21273
MISC
MISC
MISC
CONFIRM
microfocus -- solutions_business_managerMicro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.2021-02-265.2CVE-2019-18943
MISC
microfocus -- solutions_business_managerMicro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.2021-02-265.2CVE-2019-18945
CONFIRM
mozilla -- firefoxMozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.2021-02-266.8CVE-2021-23979
MISC
MISC
mozilla -- firefoxUsing the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.2021-02-266.8CVE-2021-23954
MISC
MISC
MISC
MISC
mozilla -- firefoxPerforming garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.2021-02-266.8CVE-2021-23960
MISC
MISC
MISC
MISC
mozilla -- firefoxIf a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.2021-02-264.3CVE-2021-23953
MISC
MISC
MISC
MISC
mozilla -- firefoxThe browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.2021-02-264.3CVE-2021-23955
MISC
MISC
mozilla -- firefoxIncorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.2021-02-266.8CVE-2021-23962
MISC
MISC
mozilla -- firefoxMozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.2021-02-266.8CVE-2021-23964
MISC
MISC
MISC
MISC
mozilla -- firefoxMozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.2021-02-266.8CVE-2021-23965
MISC
MISC
mozilla -- firefoxOne phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.2021-02-266.8CVE-2021-23972
MISC
MISC
mozilla -- firefoxAn ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.2021-02-264.3CVE-2021-23956
MISC
MISC
mozilla -- firefoxMozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.2021-02-266.8CVE-2021-23978
MISC
MLIST
DEBIAN
MISC
MISC
MISC
mozilla -- firefoxAs specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.2021-02-264.3CVE-2021-23969
MISC
MLIST
DEBIAN
MISC
MISC
MISC
mozilla -- firefoxThe developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86.2021-02-264.3CVE-2021-23975
MISC
MISC
mozilla -- firefoxThe DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.2021-02-264.3CVE-2021-23974
MISC
MISC
mozilla -- firefoxIf Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.2021-02-264.3CVE-2021-23968
MISC
MLIST
DEBIAN
MISC
MISC
MISC
mozilla -- firefoxThe browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.2021-02-264.3CVE-2021-23958
MISC
MISC
mozilla -- firefoxAn XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.2021-02-264.3CVE-2021-23959
MISC
MISC
mozilla -- firefoxWhen trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.2021-02-264.3CVE-2021-23973
MISC
MLIST
DEBIAN
MISC
MISC
MISC
mozilla -- firefoxWhen accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86.2021-02-265.8CVE-2021-23976
MISC
MISC
mozilla -- firefoxWhen processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.2021-02-264.3CVE-2021-23971
MISC
MISC
mozilla -- firefoxFurther techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.2021-02-264.3CVE-2021-23961
MISC
MISC
mozilla -- firefoxWhen sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.2021-02-264.3CVE-2021-23963
MISC
MISC
mozilla -- firefoxContext-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.2021-02-264.3CVE-2021-23970
MISC
MISC
mozilla -- firefoxNavigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.2021-02-264.3CVE-2021-23957
MISC
MISC
nodered -- node-redNode-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url.2021-02-264CVE-2021-21297
MISC
CONFIRM
MISC
MISC
onlyoffice -- document_serverA file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer.2021-03-016.8CVE-2021-25830
MISC
MISC
MISC
MISC
MISC
MISC
onlyoffice -- document_serverA file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote code execution on DocumentServer.2021-03-016.8CVE-2021-25831
MISC
MISC
MISC
MISC
MISC
MISC
onlyoffice -- document_serverA heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer.2021-03-016.8CVE-2021-25832
MISC
MISC
MISC
MISC
MISC
MISC
MISC
onlyoffice -- document_serverA file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code execution on DocumentServer.2021-03-016.8CVE-2021-25833
MISC
MISC
MISC
MISC
MISC
MISC
owncloud -- owncloudownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.2021-02-264.4CVE-2020-28646
MISC
MISC
prestashop -- prestashopPrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.22021-02-266.4CVE-2021-21308
MISC
MISC
CONFIRM
prestashop -- prestashopPrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.22021-02-266.5CVE-2021-21302
MISC
MISC
CONFIRM
prosoft-technology -- icx35-hwc-a_firmwareChanging the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).2021-02-265CVE-2021-22661
MISC
quinn_project -- quinnAn issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures.2021-03-055CVE-2021-28036
MISC
saltstack -- saltAn issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.2021-02-274.6CVE-2020-28243
MISC
FEDORA
FEDORA
CONFIRM
MISC
saltstack -- saltIn SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.2021-02-274.3CVE-2020-28972
FEDORA
FEDORA
CONFIRM
saltstack -- saltIn SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.2021-02-275.8CVE-2020-35662
FEDORA
FEDORA
CONFIRM
saltstack -- saltAn issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.2021-02-276.4CVE-2021-25282
MISC
FEDORA
FEDORA
CONFIRM
scytl -- secure_voteAn issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI.2021-02-275CVE-2019-25020
MISC
scytl -- secure_voteAn issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs.2021-02-276.4CVE-2019-25023
MISC
scytl -- secure_voteAn issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code.2021-02-275CVE-2019-25021
MISC
synology -- diskstation_managerCleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.2021-02-264.3CVE-2021-26560
CONFIRM
synology -- diskstation_managerCleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.2021-02-264.3CVE-2021-26565
CONFIRM
synology -- diskstation_managerCleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.2021-02-264.3CVE-2021-26564
CONFIRM
synology -- diskstation_managerUse of unmaintained third party components vulnerability in faad in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via a crafted file path.2021-02-266.5CVE-2021-26567
CONFIRM
synology -- diskstation_managerStack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.2021-02-266.8CVE-2021-26561
CONFIRM
synology -- diskstation_managerOut-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.2021-02-266.8CVE-2021-26562
CONFIRM
synology -- diskstation_managerInsertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.2021-02-266.8CVE-2021-26566
CONFIRM
toodee_project -- toodeeAn issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations.2021-03-055CVE-2021-28029
MISC
tpm2_software_stack_project -- tpm2_software_stackMissing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.2021-02-264.6CVE-2020-24455
CONFIRM
CONFIRM
CONFIRM
truetype_project -- truetypeAn issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.2021-03-055CVE-2021-28030
MISC
vapor_project -- vaporVapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited counters and timers, which will eventually drain the system. 2. downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths for to `vapor_route_undefined` to avoid unlimited counters.2021-02-265CVE-2021-21328
MISC
MISC
CONFIRM
MISC
w1.fi -- wpa_supplicantA vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.2021-02-265.4CVE-2021-27803
MLIST
MLIST
FEDORA
MISC
MISC
MISC
xerox -- altalink_b8045_firmwareXerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.2021-03-044CVE-2019-18628
MISC
CONFIRM
zenphoto -- zenphoto** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site."2021-02-266.5CVE-2020-36079
MISC
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
courier_management_system_project -- courier_management_systemCourier Management System 1.0 - 'First Name' Stored XSS2021-03-043.5CVE-2020-35328
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request.2021-03-033.5CVE-2021-22182
CONFIRM
MISC
MISC
gnu -- glibcThe iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.2021-02-262.1CVE-2020-27618
MISC
MISC
google -- androidIn mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039.2021-02-262.1CVE-2021-0404
MISC
google -- androidIn netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124.2021-02-262.1CVE-2021-0403
MISC
i-doit -- i-doiti-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS.2021-02-273.5CVE-2021-3151
MISC
MISC
ibm -- doors_nextIBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459.2021-03-043.5CVE-2020-4856
XF
CONFIRM
ibm -- doors_nextIBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460.2021-03-043.5CVE-2020-4857
XF
CONFIRM
ibm -- doors_nextIBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566.2021-03-043.5CVE-2020-4863
XF
CONFIRM
ibm -- doors_nextIBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742.2021-03-043.5CVE-2020-4866
XF
CONFIRM
ibm -- doors_nextIBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451.2021-03-043.5CVE-2021-20340
XF
CONFIRM
ibm -- doors_nextIBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707.2021-03-043.5CVE-2021-20350
XF
CONFIRM
ibm -- doors_nextIBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.2021-03-043.5CVE-2021-20351
XF
CONFIRM
microfocus -- solutions_business_managerMicro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.2021-02-263.8CVE-2019-18946
CONFIRM
microfocus -- solutions_business_managerMicro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.2021-02-262.7CVE-2019-18947
CONFIRM
microfocus -- solutions_business_managerMicro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.2021-02-262.3CVE-2019-18944
CONFIRM
microfocus -- solutions_business_managerMicro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.2021-02-262.3CVE-2019-18942
CONFIRM
mozilla -- firefoxFirefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86.2021-02-262.6CVE-2021-23977
MISC
MISC
opentext -- content_serverThere are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.2021-02-263.5CVE-2021-3010
MISC
MISC
saltstack -- saltAn issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.2021-02-271.9CVE-2021-25284
MISC
FEDORA
FEDORA
CONFIRM
samsung -- internetImproper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.2021-03-042.1CVE-2021-25348
MISC
CONFIRM
samsung -- s_assistantCalling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.2021-03-042.1CVE-2021-25341
MISC
CONFIRM
synology -- diskstation_managerImproper access control vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows local users to obtain sensitive information via a crafted kernel module.2021-02-262.1CVE-2021-26563
CONFIRM
zte -- zxr10_8900e_firmwareA ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1.2021-02-262.1CVE-2021-21724
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
activerecord-session_store -- activerecord-session_store
 
The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.2021-03-05not yet calculatedCVE-2019-25025
MISC
adguard -- adguard
 
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.2021-03-03not yet calculatedCVE-2021-27935
MISC
advantech -- webaccess/scada
 
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.2021-03-03not yet calculatedCVE-2020-13554
MISC
afterlogic -- aurora
 
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x.2021-03-04not yet calculatedCVE-2021-26293
CONFIRM
ansi -- ansi
 
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.2021-03-05not yet calculatedCVE-2021-3377
MISC
MISC
anuko -- time_tracker
 
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess user tokens and, once successful, change user passwords, including that of a system administrator. This vulnerability is pathced in version 1.19.24.5415 (started to use more secure tokens) with an additional improvement in 1.19.24.5416 (limited an available window for brute force token guessing).2021-03-03not yet calculatedCVE-2021-21352
MISC
CONFIRM
MISC
apache -- ambari_views
 
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.2021-03-02not yet calculatedCVE-2020-1936
MLIST
CONFIRM
apache -- asterixdb
 
When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d. Note: this CVE may be REJECTed as the issue did not affect any released versions of Apache AsterixDB2021-03-01not yet calculatedCVE-2020-9479
MLIST
MISC
apache -- superset
 
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascript code.2021-03-05not yet calculatedCVE-2021-27907
MISC
MLIST
argopro -- argopro
 
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.2021-03-03not yet calculatedCVE-2021-23347
CONFIRM
CONFIRM
aruba -- airwave_management_platformA remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.2021-03-05not yet calculatedCVE-2021-26969
MISC
aruba -- airwave_management_platformA remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.2021-03-05not yet calculatedCVE-2021-26968
MISC
aruba -- airwave_management_platformA remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface.2021-03-05not yet calculatedCVE-2021-26967
MISC
aruba -- airwave_management_platformA remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.2021-03-05not yet calculatedCVE-2021-26966
MISC
aruba -- airwave_management_platformA remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.2021-03-05not yet calculatedCVE-2021-26965
MISC
aruba -- airwave_management_platformA remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.2021-03-05not yet calculatedCVE-2021-26963
MISC
aruba -- airwave_management_platformA remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise.2021-03-05not yet calculatedCVE-2021-26970
MISC
aruba -- airwave_management_platformA remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise.2021-03-05not yet calculatedCVE-2021-26971
MISC
aruba -- airwave_management_platform
 
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to.2021-03-05not yet calculatedCVE-2021-26964
MISC
aruba -- airwave_management_platform
 
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.2021-03-05not yet calculatedCVE-2021-26960
MISC
aruba -- airwave_management_platform
 
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.2021-03-05not yet calculatedCVE-2021-26961
MISC
aruba -- airwave_management_platform
 
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.2021-03-05not yet calculatedCVE-2021-26962
MISC
bitnami -- containers
 
In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application.2021-03-03not yet calculatedCVE-2021-21979
MISC
blackboard -- collaborate_ultra
 
Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class.2021-03-02not yet calculatedCVE-2020-25902
MISC
MISC
cgal -- libcal
 
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability.2021-03-04not yet calculatedCVE-2020-35636
MISC
cgal -- libcal
 
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.2021-03-04not yet calculatedCVE-2020-35628
MISC
cgal -- libcgal
 
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.2021-03-04not yet calculatedCVE-2020-28636
MISC
cgal -- libcgal
 
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.2021-03-04not yet calculatedCVE-2020-28601
MISC
clustered_data -- ontap
 
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.2021-03-04not yet calculatedCVE-2021-26988
MISC
clustered_data -- ontap
 
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.2021-03-04not yet calculatedCVE-2021-26989
MISC
courier -- management_system
 
SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php2021-03-04not yet calculatedCVE-2020-35327
MISC
datadog -- datadog
 
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed locally to other users. This vulnerability exists in the API Client for version 1 and 2. The method `prepareDownloadFilecreates` creates a temporary file with the permissions bits of `-rw-r--r--` on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded via the `downloadFileFromResponse` method will be visible to all other users on the local system. Analysis of the finding determined that the affected code was unused, meaning that the exploitation likelihood is low. The unused code has been removed, effectively mitigating this issue. This issue has been patched in version 1.0.0-beta.9. As a workaround one may specify `java.io.tmpdir` when starting the JVM with the flag `-Djava.io.tmpdir`, specifying a path to a directory with `drw-------` permissions owned by `dd-agent`.2021-03-03not yet calculatedCVE-2021-21331
CONFIRM
CONFIRM
dell -- emc_openmanage_server_administrator
 
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system.2021-03-02not yet calculatedCVE-2021-21513
CONFIRM
dell -- emc_openmanage_server_administrator
 
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.2021-03-02not yet calculatedCVE-2021-21514
CONFIRM
dell -- emc_sourceone
 
Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server.2021-03-01not yet calculatedCVE-2021-21515
MISC
deutsche -- post_mailoptimizer
 
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.2021-03-05not yet calculatedCVE-2021-28042
MISC
MISC
docker -- dashboard
 
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.2021-03-02not yet calculatedCVE-2021-27886
MISC
MISC
MISC
doctor_appointment_system -- doctor_appointment_systemCross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.2021-03-01not yet calculatedCVE-2021-27318
MISC
MISC
doctor_appointment_system -- doctor_appointment_system
 
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.2021-03-01not yet calculatedCVE-2021-27317
MISC
MISC
e107 -- e107
 
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.2021-03-02not yet calculatedCVE-2021-27885
MISC
MISC
MISC
epignosis -- efontpro
 
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice.2021-03-03not yet calculatedCVE-2020-28597
MISC
fastify-reply-form -- fastify-reply-formfastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1.2021-03-02not yet calculatedCVE-2021-21322
MISC
CONFIRM
MISC
fastify-reply-form -- fastify-reply-form
 
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is "/pub/", a user expect that accessing "/priv" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2.2021-03-02not yet calculatedCVE-2021-21321
MISC
CONFIRM
MISC
fatek -- fvdesigner

 

An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.2021-03-03not yet calculatedCVE-2021-22670
MISC
fatek -- fvdesigner
 
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.2021-03-03not yet calculatedCVE-2021-22683
MISC
fatek -- fvdesigner
 
A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.2021-03-03not yet calculatedCVE-2021-22662
MISC
fatek -- fvdesigner
 
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.2021-03-03not yet calculatedCVE-2021-22638
MISC
fatek -- fvdesigner
 
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit arbitrary code execution.2021-03-03not yet calculatedCVE-2021-22666
MISC
fork -- forkcmsPHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.2021-03-04not yet calculatedCVE-2020-24036
MISC
MISC
MISC
fortinet -- fortigate
 
When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.2021-03-04not yet calculatedCVE-2020-15938
CONFIRM
fortinet -- fortigate
 
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.2021-03-03not yet calculatedCVE-2020-15937
CONFIRM
fortinet -- fortiproxy
 
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.2021-03-04not yet calculatedCVE-2021-22128
CONFIRM
fs-path -- fs-pathfs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.2021-03-04not yet calculatedCVE-2020-8298
MISC
MISC
MISC
gigaset -- dx600a_devicesThe telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks.2021-03-02not yet calculatedCVE-2021-25309
MISC
gigaset -- dx600a_devices
 
A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands.2021-03-02not yet calculatedCVE-2021-25306
MISC
github -- enterprise_server
 
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.2021-03-03not yet calculatedCVE-2020-10519
MISC
MISC
MISC
github -- github

 

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program.2021-03-03not yet calculatedCVE-2021-22862
MISC
github -- github

 

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.2021-03-03not yet calculatedCVE-2021-22863
MISC
MISC
MISC
MISC
github -- github
 
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.2021-03-03not yet calculatedCVE-2021-22861
MISC
MISC
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs.2021-03-03not yet calculatedCVE-2021-22188
CONFIRM
MISC
MISC
gitlab -- gitlab
 
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.2021-03-04not yet calculatedCVE-2021-22189
CONFIRM
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.2021-03-04not yet calculatedCVE-2021-22183
CONFIRM
MISC
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 12.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted.2021-03-02not yet calculatedCVE-2021-22187
CONFIRM
MISC
glpi -- glpiGLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4.2021-03-02not yet calculatedCVE-2021-21258
MISC
CONFIRM
glpi -- glpi
 
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/document.form.php endpoint), indeed one of the form field: "Web Link" is not properly sanitized and a malicious user (who has document upload rights) can use it to deliver JavaScript payload. For example if you use the following payload: " accesskey="x" onclick="alert(1)" x=", the content will be saved within the database without any control. And then once you return to the summary documents page, by clicking on the "Web Link" of the newly created file it will create a new empty tab, but on the initial tab the pop-up "1" will appear.2021-03-03not yet calculatedCVE-2021-21312
MISC
CONFIRM
glpi -- glpi
 
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not properly sanitized. Here are two payloads (due to two different exploitations depending on which parameter you act) to exploit the vulnerability:/ajax/common.tabs.php?_target=javascript:alert(document.cookie)&_itemtype=DisplayPreference&_glpi_tab=DisplayPreference$2&id=258&displaytype=Ticket (Payload triggered if you click on the button). /ajax/common.tabs.php?_target=/front/ticket.form.php&_itemtype=Ticket&_glpi_tab=Ticket$1&id=(){};(function%20(){alert(document.cookie);})();function%20a&#.2021-03-03not yet calculatedCVE-2021-21313
MISC
CONFIRM
glpi -- glpi
 
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.2021-03-03not yet calculatedCVE-2021-21314
MISC
CONFIRM
glpi -- glpi
 
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4.2021-03-02not yet calculatedCVE-2021-21255
MISC
CONFIRM
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.2021-03-03not yet calculatedCVE-2021-20233
MISC
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.2021-03-03not yet calculatedCVE-2021-20225
MISC
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.2021-03-03not yet calculatedCVE-2020-25632
MISC
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.2021-03-03not yet calculatedCVE-2020-25647
MISC
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.2021-03-03not yet calculatedCVE-2020-27749
MISC
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.2021-03-03not yet calculatedCVE-2020-27779
MISC
gunua -- genugate
 
An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user.2021-03-03not yet calculatedCVE-2021-27215
MISC
MISC
MISC
harmonyos -- harmonyos
 
A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources.2021-03-02not yet calculatedCVE-2021-22294
MISC
harmonyos -- harmonyos
 
A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system.2021-03-02not yet calculatedCVE-2021-22296
MISC
MISC
MISC
html-parse-stringify -- html-parse-stringify
 
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process.2021-03-04not yet calculatedCVE-2021-23346
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ibm -- cloud_apm
 
IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974.2021-03-02not yet calculatedCVE-2020-4725
XF
CONFIRM
ibm -- cloud_apm
 
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861.2021-03-02not yet calculatedCVE-2020-4719
XF
CONFIRM
ibm -- cloud_apm
 
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.2021-03-02not yet calculatedCVE-2020-4726
XF
CONFIRM
ibm -- multiple_products
 
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435.2021-03-04not yet calculatedCVE-2020-4975
XF
CONFIRM
ibm -- security_verify_bridge
 
IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.2021-03-03not yet calculatedCVE-2021-20441
XF
CONFIRM
ibm -- security_verify_bridge
 
IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618.2021-03-03not yet calculatedCVE-2021-20442
XF
CONFIRM
identitymodel -- identitymodel
 
An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.2021-03-05not yet calculatedCVE-2020-36255
MISC
MISC
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.2021-03-04not yet calculatedCVE-2021-26029
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.2021-03-04not yet calculatedCVE-2021-26028
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.2021-03-04not yet calculatedCVE-2021-26027
MISC
kentico -- the_blog
 
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.2021-03-05not yet calculatedCVE-2021-27581
MISC
MISC
lg -- mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).2021-03-02not yet calculatedCVE-2021-27901
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.2021-03-05not yet calculatedCVE-2021-28039
MLIST
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.2021-03-05not yet calculatedCVE-2021-28038
MLIST
MISC
linux -- linux_kernel
 
A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.2021-03-04not yet calculatedCVE-2020-25639
MISC
lumisxp -- lumisxp
 
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.2021-03-03not yet calculatedCVE-2021-27931
MISC
markdown -- markdown
 
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.2021-03-03not yet calculatedCVE-2021-26813
MISC
matrix-react-sdk -- matrix-react-sdk
 
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0.2021-03-02not yet calculatedCVE-2021-21320
MISC
MISC
CONFIRM
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.2021-03-03not yet calculatedCVE-2021-26858
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065.2021-03-03not yet calculatedCVE-2021-27078
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.2021-03-03not yet calculatedCVE-2021-26857
MISC
microsoft -- exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.2021-03-03not yet calculatedCVE-2021-27065
MISC
microsoft -- exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.2021-03-03not yet calculatedCVE-2021-26412
MISC
microsoft -- exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.2021-03-03not yet calculatedCVE-2021-26854
MISC
microsoft -- exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.2021-03-03not yet calculatedCVE-2021-26855
MISC
misp -- misp
 
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.2021-03-02not yet calculatedCVE-2021-27904
MISC
mobilewips -- mobilewips
 
Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.2021-03-02not yet calculatedCVE-2021-25330
MISC
mongodb -- mongodb_server
 
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.6; MongoDB Server v3.6 versions prior to 3.6.11.2021-03-01not yet calculatedCVE-2018-25004
MISC
mongodb -- mongodb_server
 
A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20.2021-03-01not yet calculatedCVE-2020-7929
CONFIRM
movable -- multiple_productsCross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.2021-03-05not yet calculatedCVE-2021-20665
MISC
MISC
movable -- multiple_products
 
Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.2021-03-05not yet calculatedCVE-2021-20663
MISC
MISC
movable -- multiple_products
 
Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.2021-03-05not yet calculatedCVE-2021-20664
MISC
MISC
msi -- dragon_center
 
The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.2021-03-05not yet calculatedCVE-2021-27965
MISC
MISC
mymvconnect24 -- mymvconnect24
 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.2021-03-02not yet calculatedCVE-2020-12530
CONFIRM
mymvconnect24 -- mymvconnect24
 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.2021-03-02not yet calculatedCVE-2020-12529
CONFIRM
mymvconnect24 -- mymvconnect24
 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.2021-03-02not yet calculatedCVE-2020-12528
CONFIRM
mymvconnect24 -- mymvconnect24
 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to.2021-03-02not yet calculatedCVE-2020-12527
CONFIRM
netgear -- r7800_devices

 

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.2021-03-05not yet calculatedCVE-2021-27256
N/A
N/A
netgear -- r7800_devices

 

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.2021-03-05not yet calculatedCVE-2021-27255
N/A
N/A
netgear -- r7800_devices
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.2021-03-05not yet calculatedCVE-2021-27254
N/A
N/A
netgear -- r7800_devices
 
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.2021-03-05not yet calculatedCVE-2021-27257
N/A
N/A
newlib -- newlib
 
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.2021-03-05not yet calculatedCVE-2021-3420
MISC
nextcloud -- nexcloud_server
 
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.2021-03-03not yet calculatedCVE-2021-22878
MISC
MISC
MISC
nextcloud -- nexcloud_server
 
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.2021-03-03not yet calculatedCVE-2021-22877
MISC
MISC
MISC
MISC
nextcloud -- nextcloud_server
 
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.2021-03-03not yet calculatedCVE-2020-8296
MISC
MISC
MISC
MISC
node.js -- node.js
 
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.2021-03-03not yet calculatedCVE-2021-22884
MISC
MISC
MISC
node.js -- node.js
 
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.2021-03-03not yet calculatedCVE-2021-22883
MISC
MISC
online_invoicing_system -- online_invoicing_system
 
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.2021-03-03not yet calculatedCVE-2021-27839
MISC
MISC
openark -- orchestrator
 
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.2021-03-03not yet calculatedCVE-2021-27940
MISC
MISC
MISC
openssh -- openssh
 
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.2021-03-05not yet calculatedCVE-2021-28041
MISC
MISC
MISC
MISC
oracle -- cloud_infrastructure_data_science_notebook
 
Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes to compromise Oracle Cloud Infrastructure Data Science Notebook Sessions. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data. All affected customers were notified of CVE-2021-2138 by Oracle. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)2021-03-03not yet calculatedCVE-2021-2138
MISC
ossec -- ossec
 
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.2021-03-05not yet calculatedCVE-2021-28040
MISC
pillow -- pillowPillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.2021-03-03not yet calculatedCVE-2021-27922
MISC
pillow -- pillowPillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.2021-03-03not yet calculatedCVE-2021-27923
MISC
pillow -- pillow
 
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.2021-03-03not yet calculatedCVE-2021-27921
MISC
pug -- pug
 
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade.2021-03-03not yet calculatedCVE-2021-21353
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
qcubed -- qcubed

 

A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.2021-03-04not yet calculatedCVE-2020-24914
MISC
MISC
MISC
qcubed -- qcubed
 
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.2021-03-04not yet calculatedCVE-2020-24912
MISC
MISC
MISC
readpermutation -- readpermutation
 
jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service.2021-03-05not yet calculatedCVE-2021-28026
MISC
red_hat -- red_hat
 
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.2021-03-03not yet calculatedCVE-2020-14372
MISC
MISC
redis -- redis
 
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways.2021-02-26not yet calculatedCVE-2021-21309
MISC
MISC
CONFIRM
rockwell_automation -- studio_5000_logix_designer_and_rslogic_5000
 
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.2021-03-03not yet calculatedCVE-2021-22681
MISC
rust -- rust
 
An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free.2021-03-05not yet calculatedCVE-2021-28032
MISC
samsung -- keyboard
 
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.2021-03-04not yet calculatedCVE-2021-25340
MISC
CONFIRM
samsung -- mobile_devices
 
Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region.2021-03-04not yet calculatedCVE-2021-25338
MISC
CONFIRM
samsung -- mobile_devices
 
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.2021-03-04not yet calculatedCVE-2021-25337
MISC
CONFIRM
samsung -- mobile_devices
 
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory.2021-03-04not yet calculatedCVE-2021-25339
MISC
CONFIRM
samsung -- mobile_devices
 
Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service.2021-03-04not yet calculatedCVE-2021-25334
MISC
CONFIRM
samsung -- mobile_devices
 
Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.2021-03-04not yet calculatedCVE-2021-25335
MISC
CONFIRM
samsung -- mobile_devices
 
Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent.2021-03-04not yet calculatedCVE-2021-25336
MISC
CONFIRM
samsung -- payImproper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.2021-03-04not yet calculatedCVE-2021-25333
MISC
CONFIRM
samsung -- payImproper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.2021-03-04not yet calculatedCVE-2021-25332
MISC
CONFIRM
samsung -- pay
 
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.2021-03-04not yet calculatedCVE-2021-25331
MISC
CONFIRM
samsung -- samsungHijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.2021-03-04not yet calculatedCVE-2021-25347
MISC
CONFIRM
samsung -- samsungA possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.2021-03-04not yet calculatedCVE-2021-25346
MISC
CONFIRM
samsung -- samsung
 
Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format.2021-03-04not yet calculatedCVE-2021-25345
MISC
CONFIRM
samsung -- samsung
 
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.2021-03-04not yet calculatedCVE-2021-25343
MISC
CONFIRM
samsung -- samsung
 
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.2021-03-04not yet calculatedCVE-2021-25344
MISC
CONFIRM
sangoma -- asterisk
 
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6.1, and through 17.0.0; and Certified Asterisk through 13.21-cert4. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.2021-03-05not yet calculatedCVE-2019-18351
MISC
MISC
secomea -- sitemanagerCross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4.2021-03-05not yet calculatedCVE-2020-29030
MISC
secomea -- sitemanager
 
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.2021-03-05not yet calculatedCVE-2020-29028
MISC
secomea -- sitemanager
 
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.2021-03-05not yet calculatedCVE-2020-29029
MISC
secomea -- sitemanager
 
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.6210540222021-03-05not yet calculatedCVE-2020-29032
MISC
secomea -- sitemanager
 
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.2021-03-05not yet calculatedCVE-2020-29020
MISC
slic3r -- slic3r
 
An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.2021-03-03not yet calculatedCVE-2020-28591
MISC
smp -- smp
 
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.2021-03-04not yet calculatedCVE-2021-25342
MISC
CONFIRM
sonicwall -- sonicwall
 
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls.2021-03-05not yet calculatedCVE-2020-5148
CONFIRM
sonlogger -- sonloggerSonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.2021-03-05not yet calculatedCVE-2021-27964
MISC
MISC
sonlogger -- sonlogger
 
SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.2021-03-05not yet calculatedCVE-2021-27963
MISC
MISC
spire -- spire

 

In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of an EC2 tag prior to attestation, and the attestor is configured for agent ID templating where the tag value is the last element in the path. This issue has been fixed in SPIRE versions 0.11.3 and 0.12.12021-03-05not yet calculatedCVE-2021-27099
MISC
spire -- spire
 
In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1.2021-03-05not yet calculatedCVE-2021-27098
MISC
spring-integration-zip -- spring-integration-zip
 
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.2021-03-01not yet calculatedCVE-2021-22114
MISC
squarebox -- catdv_server
 
An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within the application, such as disclosing password hashes.2021-03-05not yet calculatedCVE-2021-26705
MISC
srs -- policy_manager
 
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.2021-03-01not yet calculatedCVE-2021-21517
MISC
stormshield -- network_security
 
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.2021-03-02not yet calculatedCVE-2021-3384
CONFIRM
suse -- linux_enterprise_server
 
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.2021-03-03not yet calculatedCVE-2021-25315
CONFIRM
suse -- rancher
 
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6.2021-03-05not yet calculatedCVE-2021-25313
CONFIRM
CONFIRM
CONFIRM
tenable.sc -- core
 
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.2021-03-03not yet calculatedCVE-2021-20076
MISC
thinkadmin -- thinkadmin
 
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.2021-03-03not yet calculatedCVE-2020-35296
MISC
MISC
MISC
totvs -- fluig_luke
 
TOTVS Fluig Luke 1.7.0 allows directory traversal via a base64 encoded file=../ to a volume/stream/ URI. This affects: Fluig Lake 1.7.0-210217, Fluig Lake 1.7.0-210112, Fluig Lake 1.7.0-201215, Fluig Lake 1.7.0-201124 and Fluig Lake 1.7.0-200915.2021-03-05not yet calculatedCVE-2020-29134
MISC
MISC
trend_micro -- virus_scan_api_and_advanced_threat_scan_engine
 
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.2021-03-03not yet calculatedCVE-2021-25252
MISC
ultimatekode -- neo_billing
 
Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML.2021-03-02not yet calculatedCVE-2020-23518
MISC
veritas -- backup_exec
 
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.2021-03-01not yet calculatedCVE-2021-27878
MISC
veritas -- backup_exec
 
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.2021-03-01not yet calculatedCVE-2021-27877
MISC
veritas -- backup_exec
 
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.2021-03-01not yet calculatedCVE-2021-27876
MISC
vmware -- view_planner
 
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.2021-03-03not yet calculatedCVE-2021-21978
MISC
wazuh -- wazuh
 
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.2021-03-06not yet calculatedCVE-2021-26814
MISC
MISC
webkit -- webkitgtk
 
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.2021-03-03not yet calculatedCVE-2020-13558
MISC
wordpress -- wordpress
 
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php.2021-03-03not yet calculatedCVE-2020-29047
MISC
MISC
wps_hide_login -- wps_hide_login
 
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.2021-03-01not yet calculatedCVE-2021-3332
MISC
xerox -- altalink
 
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.2021-03-04not yet calculatedCVE-2019-18629
MISC
CONFIRM
xerox -- altalink
 
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.2021-03-04not yet calculatedCVE-2019-18630
MISC
xmlhttprequest -- xmlhttprequest
 
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.2021-03-05not yet calculatedCVE-2020-28502
MISC
MISC
MISC
MISC
MISC
ymfe -- yapiWeak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.2021-03-01not yet calculatedCVE-2021-27884
MISC
MISC
ytnef -- ytnef
 
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.2021-03-04not yet calculatedCVE-2021-3404
MISC
MISC
ytnef -- ytnef
 
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.2021-03-04not yet calculatedCVE-2021-3403
MISC
MISC
yubico -- yubihsm-shell
 
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product.2021-03-04not yet calculatedCVE-2021-27217
MISC
CONFIRM
zabbix -- zabbix
 
In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x before 5.2.4rc1, and 5.3.x and 5.4.x before 5.4.0alpha1, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method.2021-03-03not yet calculatedCVE-2021-27927
MISC
zendto -- zendto
 
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.2021-03-02not yet calculatedCVE-2021-27888
MISC
zint -- barcode_generator
 
ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.2021-02-26not yet calculatedCVE-2021-27799
MISC
MISC
MISC
MISC
MISC
zoho -- manageengine_admanager_plus
 
Zoho ManageEngine ADManager Plus before 7066 allows XSS.2021-03-05not yet calculatedCVE-2020-35594
MISC
zoho -- manageengine_application_control_plus
 
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.2021-03-05not yet calculatedCVE-2020-29658
MISC
zoho -- manageengine_desktop_central
 
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server.2021-03-05not yet calculatedCVE-2020-28050
CONFIRM
CONFIRM
zstd -- zstd
 
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.2021-03-04not yet calculatedCVE-2021-24031
MISC
MISC
MISC
zstd -- zstd
 
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.2021-03-04not yet calculatedCVE-2021-24032
MISC
MISC
MISC
zte -- zte
 
A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.2021-03-05not yet calculatedCVE-2021-21725
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.