Vulnerability Summary for the Week of April 5, 2021

Released: Apr 12, 2021
Document ID: SB21-102

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- ipad_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 7.5 | CVE-2021-1794 (MISC)
apple -- ipad_os | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 7.5 | CVE-2021-1796 (MISC)
apple -- ipad_os | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2021-04-02 | 7.5 | CVE-2021-1818 (MISC, MISC, MISC, MISC)
apple -- ipad_os | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 7.5 | CVE-2021-1795 (MISC)
apple -- ipados | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-9975 (MISC, MISC, MISC, MISC, MISC)
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption. | 2021-04-02 | 9.3 | CVE-2021-1767 (MISC, MISC)
apple -- ipados | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2021-04-02 | 9.3 | CVE-2021-1763 (MISC, MISC)
apple -- ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 9.3 | CVE-2021-1758 (MISC, MISC, MISC, MISC)
apple -- ipados | Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2021-1750 (MISC, MISC, MISC, MISC)
apple -- ipados | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory. | 2021-04-02 | 7.1 | CVE-2021-1791 (MISC, MISC, MISC, MISC)
apple -- ipados | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | 2021-04-02 | 9.3 | CVE-2020-9967 (MISC, MISC, MISC, MISC, MISC)
apple -- ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 9.3 | CVE-2021-1759 (MISC, MISC, MISC)
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-27947 (MISC)
apple -- mac_os_x | A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-27921 (MISC, MISC)
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. | 2021-04-02 | 9.3 | CVE-2020-27915 (MISC, MISC)
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. | 2021-04-02 | 9.3 | CVE-2020-27914 (MISC, MISC)
apple -- mac_os_x | A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges. | 2021-04-02 | 9.3 | CVE-2021-1779 (MISC)
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2021-1805 (MISC)
apple -- mac_os_x | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to execute arbitrary code with system privileges. | 2021-04-02 | 9.3 | CVE-2020-29612 (MISC)
apple -- mac_os_x | A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 7.6 | CVE-2021-1806 (MISC)
apple -- mac_os_x | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-10015 (MISC, MISC)
apple -- mac_os_x | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-27897 (MISC, MISC)
apple -- macos | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-27907 (MISC, MISC)
apple -- maos | A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-27941 (MISC)
cohesity -- cohesity_dataplatform | Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version. | 2021-04-02 | 7.5 | CVE-2021-28123 (CONFIRM)
coreftp -- core_ftp | Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. | 2021-04-05 | 7.5 | CVE-2020-19596 (MISC)
deltaflow_project -- deltaflow | The Vangene deltaFlow E-platform does not take proper protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie. | 2021-04-06 | 7.5 | CVE-2021-28171 (MISC, MISC)
deltaflow_project -- deltaflow | The file upload function of Vangene deltaFlow E-platform does not perform access control properly. Remote attackers can upload and execute arbitrary files without login. | 2021-04-06 | 7.5 | CVE-2021-28173 (MISC, MISC)
dlink -- dir-846_firmware | HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. | 2021-04-02 | 10 | CVE-2020-27600 (MISC, MISC, MISC)
dlink -- dir-878_firmware | An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication. | 2021-04-02 | 7.5 | CVE-2021-30072 (MISC, MISC)
dmasoftlab -- dma_radius_manager | DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen. | 2021-04-02 | 7.5 | CVE-2021-29012 (MISC, MISC)
emlog -- emlog | Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module. | 2021-04-02 | 7.5 | CVE-2020-21585 (MISC, MISC)
htmldoc_project -- htmldoc | Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. | 2021-04-05 | 7.5 | CVE-2021-20308 (MISC, MISC)
latrix_project -- latrix | An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution. | 2021-04-02 | 7.5 | CVE-2021-30000 (MISC, MISC)
libpano13_project -- libpano13 | Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. | 2021-04-05 | 7.5 | CVE-2021-20307 (MISC, MISC)
luvion -- grand_elite_3_connect_firmware | An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model. | 2021-04-02 | 8.3 | CVE-2020-11925 (MISC)
magpierss_project -- magpierss | Because of an incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add an extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands. | 2021-04-02 | 7.5 | CVE-2021-28940 (MISC, MISC)
nettle_project -- nettle | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. | 2021-04-05 | 7.5 | CVE-2021-20305 (MISC)
ocproducts -- composr | Composr 10.0.36 allows upload and execution of PHP files. | 2021-04-06 | 7.5 | CVE-2021-30149 (MISC, MISC)
okta -- access_gateway | A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. | 2021-04-02 | 9 | CVE-2021-28113 (CONFIRM)
openiam -- openiam | OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. | 2021-04-06 | 7.5 | CVE-2020-13420 (MISC)
openiam -- openiam | OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions. | 2021-04-06 | 7.5 | CVE-2020-13421 (MISC)
posimyth -- the_plus_addons_for_elementor | The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active. | 2021-04-05 | 7.5 | CVE-2021-24175 (MISC, CONFIRM, MISC)
redmine -- redmine | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. | 2021-04-06 | 7.5 | CVE-2021-30164 (MISC)
riot-os -- riot | RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function. | 2021-04-06 | 7.5 | CVE-2021-27697 (MISC)
riot-os -- riot | RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function. | 2021-04-06 | 7.5 | CVE-2021-27698 (MISC)
riot-os -- riot | RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. | 2021-04-06 | 7.5 | CVE-2021-27357 (MISC)
sannce -- smart_hd_wifi_security_camera_ean_2_950004_595317_firmware | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically. | 2021-04-02 | 7.8 | CVE-2019-20463 (MISC)
sannce -- smart_hd_wifi_security_camera_ean_2_950004_595317_firmware | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device. | 2021-04-02 | 7.2 | CVE-2019-20466 (MISC)

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
algolplus -- advanced_order_exportThis Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.2021-04-054.3CVE-2021-24169
CONFIRM
apache -- cxfCXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.2021-04-025CVE-2021-22696
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
apple -- icloudAn out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.2021-04-026.8CVE-2020-29617
MISC
MISC
MISC
MISC
MISC
apple -- icloudAn out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.2021-04-026.8CVE-2020-29619
MISC
MISC
MISC
MISC
MISC
apple -- icloudAn out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.2021-04-026.8CVE-2020-29618
MISC
MISC
MISC
MISC
MISC
apple -- icloudA use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.2021-04-026.8CVE-2020-9926
MISC
MISC
MISC
MISC
MISC
apple -- icloudAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.2021-04-026.8CVE-2020-29611
MISC
MISC
MISC
MISC
MISC
apple -- icloudA memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.2021-04-026.8CVE-2020-27933
MISC
MISC
MISC
MISC
MISC
apple -- ipad_osAn out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted audio file may lead to arbitrary code execution.2021-04-026.8CVE-2020-27908
MISC
MISC
MISC
MISC
MISC
apple -- ipad_osThis issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..2021-04-024.3CVE-2021-1879
MISC
MISC
MISC
apple -- ipad_osA memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.2021-04-026.8CVE-2020-27944
MISC
MISC
MISC
MISC
apple -- ipad_osA memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution.2021-04-026.8CVE-2020-27943
MISC
MISC
MISC
MISC
apple -- ipad_osA use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges.2021-04-024.6CVE-2020-27899
MISC
MISC
MISC
MISC
apple -- ipad_osMultiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions.2021-04-024.3CVE-2020-27935
MISC
MISC
MISC
MISC
apple -- ipadosA type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.2021-04-026.8CVE-2021-1789
FEDORA
FEDORA
MISC
MISC
MISC
MISC
MISC
apple -- ipadosAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.2021-04-026.8CVE-2021-1792
MISC
MISC
MISC
MISC
apple -- ipadosA logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain.2021-04-024.3CVE-2020-29613
MISC
apple -- ipadosA use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.2021-04-026.8CVE-2021-1788
FEDORA
MISC
MISC
MISC
MISC
MISC
apple -- ipadosAn out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.2021-04-026.8CVE-2021-1785
MISC
MISC
MISC
MISC
apple -- ipadosAn access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.2021-04-026.8CVE-2021-1783
MISC
MISC
MISC
MISC
apple -- ipadosThis issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.2021-04-026.8CVE-2021-1777
MISC
MISC
MISC
MISC
apple -- ipadosAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitrary code execution.2021-04-026.8CVE-2021-1776
MISC
MISC
MISC
MISC
apple -- ipadosThis issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.2021-04-026.8CVE-2021-1774
MISC
MISC
MISC
MISC
apple -- ipadosA use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.2021-04-025CVE-2021-1764
MISC
MISC
MISC
MISC
apple -- ipadosA race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..2021-04-026.9CVE-2021-1782
MISC
MISC
MISC
MISC
apple -- ipadosA privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A malicious application may be able to leak sensitive user information.2021-04-024.3CVE-2021-1781
MISC
MISC
apple -- ipadosAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.2021-04-026.8CVE-2021-1768
MISC
MISC
apple -- ipadosAn out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.2021-04-024.3CVE-2021-1778
MISC
MISC
MISC
MISC
apple -- ipadosA logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.2021-04-024.3CVE-2021-1773
MISC
MISC
MISC
MISC
apple -- ipadosThis issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.2021-04-024.3CVE-2021-1766
MISC
MISC
MISC
MISC
apple -- ipadosA memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information.2021-04-024.3CVE-2021-1760
MISC
MISC
MISC
MISC
apple -- ipadosA memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack.2021-04-024.9CVE-2021-1780
MISC
apple -- ipadosA logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files.2021-04-024.9CVE-2021-1786
MISC
MISC
MISC
MISC
apple -- ipadosAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.2021-04-024.6CVE-2021-1757
MISC
MISC
MISC
MISC
apple -- ipadosMultiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.2021-04-024.6CVE-2021-1787
MISC
MISC
MISC
MISC
apple -- ipadosAn out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory.2021-04-024.3CVE-2020-29639
MISC
apple -- ipadosAn out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service.2021-04-024.3CVE-2020-29615
MISC
MISC
MISC
MISC
apple -- ipadosAn information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory.2021-04-024.3CVE-2020-27946
MISC
MISC
MISC
MISC
apple -- ipadosAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory.2021-04-024.3CVE-2020-29608
MISC
MISC
MISC
MISC
MISC
apple -- ipadosA stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution.2021-04-026.8CVE-2021-1772
MISC
MISC
MISC
MISC
apple -- ipadosAn out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory.2021-04-024.3CVE-2020-29610
MISC
MISC
MISC
MISC
apple -- ipadosThis issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.2021-04-026.8CVE-2021-1754
MISC
MISC
MISC
MISC
apple -- ipadosA logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges.2021-04-026.8CVE-2020-9971
MISC
MISC
MISC
MISC
apple -- ipados | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27948
MISC
MISC
MISC
MISC
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation. | 2021-04-02 | 6.8 | CVE-2020-27951
MISC
MISC
MISC
MISC
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted file may lead to heap corruption. | 2021-04-02 | 6.8 | CVE-2020-29614
MISC
MISC
MISC
MISC
apple -- ipados | A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-29624
MISC
MISC
MISC
MISC
apple -- ipados | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-9955
MISC
MISC
MISC
MISC
apple -- ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-9956
MISC
MISC
MISC
MISC
MISC
apple -- ipados | A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution. | 2021-04-02 | 6.8 | CVE-2021-1748
MISC
MISC
MISC
apple -- ipados | A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-9962
MISC
MISC
MISC
MISC
MISC
apple -- ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-9960
MISC
MISC
MISC
MISC
MISC
apple -- ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1741
MISC
MISC
MISC
MISC
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1742
MISC
MISC
MISC
MISC
apple -- ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1743
MISC
MISC
MISC
MISC
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1746
MISC
MISC
MISC
MISC
apple -- ipados | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing maliciously crafted web content may lead to code execution. | 2021-04-02 | 6.8 | CVE-2021-1747
MISC
MISC
MISC
MISC
apple -- mac_os_x | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-29625
MISC
apple -- mac_os_x | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to access private information. | 2021-04-02 | 4.3 | CVE-2020-27937
MISC
MISC
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1738
MISC
apple -- mac_os_x | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content may lead to code execution. | 2021-04-02 | 6.8 | CVE-2020-27920
MISC
MISC
MISC
MISC
MISC
apple -- mac_os_x | This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. | 2021-04-02 | 6.8 | CVE-2020-29620
MISC
apple -- mac_os_x | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27922
MISC
MISC
MISC
MISC
MISC
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-29616
MISC
apple -- mac_os_x | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1775
MISC
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27952
MISC
MISC
apple -- mac_os_x | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. | 2021-04-02 | 4.3 | CVE-2021-1765
FEDORA
FEDORA
MISC
apple -- mac_os_x | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27945
MISC
MISC
apple -- mac_os_x | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1736
MISC
apple -- mac_os_x | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. | 2021-04-02 | 4.6 | CVE-2021-1751
MISC
apple -- mac_os_x | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. | 2021-04-02 | 6.8 | CVE-2020-27938
MISC
MISC
apple -- mac_os_x | A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27931
MISC
MISC
MISC
MISC
MISC
apple -- mac_os_x | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A local attacker may be able to elevate their privileges. | 2021-04-02 | 4.6 | CVE-2021-1802
MISC
apple -- mac_os_x | An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged network position may be able to bypass authentication policy. | 2021-04-02 | 6.5 | CVE-2020-29633
MISC
MISC
apple -- mac_os_x | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A local user may be able to cause unexpected system termination or read kernel memory. | 2021-04-02 | 6.6 | CVE-2020-9930
MISC
apple -- mac_os_x | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. | 2021-04-02 | 6.6 | CVE-2020-27936
MISC
apple -- mac_os_x | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace. | 2021-04-02 | 4.3 | CVE-2020-27949
MISC
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27919
MISC
MISC
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1737
MISC
apple -- mac_os_x | An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. | 2021-04-02 | 4.3 | CVE-2020-10001
MISC
apple -- mac_os_x | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27924
MISC
MISC
MISC
MISC
MISC
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27923
MISC
MISC
MISC
MISC
MISC
apple -- macos | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1. A malicious application with root privileges may be able to access private information. | 2021-04-02 | 4.3 | CVE-2020-10008
MISC
apple -- macos | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27939
MISC
apple -- macos | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. | 2021-04-02 | 4.3 | CVE-2020-27901
MISC
MISC
apple -- macos | The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A local application may be able to enumerate the user's iCloud documents. | 2021-04-02 | 4.3 | CVE-2021-1803
MISC
apple -- macos | An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user's screen. | 2021-04-02 | 4 | CVE-2020-27893
MISC
apple -- macos_server | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. | 2021-04-02 | 5.8 | CVE-2020-9995
MISC
apple -- safari | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1844
FEDORA
MISC
MISC
MISC
MISC
apple -- xcode | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode. | 2021-04-02 | 4.3 | CVE-2021-1800
MISC
asus -- z10pr-d16_firmware | The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use the vulnerability to abnormally terminate the Web service. | 2021-04-06 | 4 | CVE-2021-28175
CONFIRM
CONFIRM
CONFIRM
cohesity -- cohesity_dataplatform | A man-in-the-middle vulnerability exists in the Cohesity DataPlatform support channel in versions 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to man-in-the-middle (MITM) the support channel UI session to the Cohesity DataPlatform cluster. | 2021-04-02 | 4.3 | CVE-2021-28124
CONFIRM
contribsys -- sidekiq | Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | 2021-04-06 | 4.3 | CVE-2021-30151
MISC
coreftp -- core_ftp | Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username. | 2021-04-05 | 5 | CVE-2020-19595
MISC
cozmoslabs -- user_profile_picture | The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information. | 2021-04-05 | 5 | CVE-2021-24170
CONFIRM
MISC
daifukuya -- kagemai | Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-04-07 | 4.3 | CVE-2021-20685
MISC
daifukuya -- kagemai | Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2021-04-07 | 6.8 | CVE-2021-20687
MISC
daifukuya -- kagemai | Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-04-07 | 4.3 | CVE-2021-20686
MISC
database-backups_project -- database-backups | The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the database, changing the plugin's settings and deleting backups. | 2021-04-05 | 5.8 | CVE-2021-24174
CONFIRM
dell -- system_update | Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application. | 2021-04-02 | 4.9 | CVE-2021-21529
MISC
dell -- wyse_management_suite | Wyse Management Suite versions up to 3.2 contain a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would normally have access to the same subset of job details. | 2021-04-02 | 4 | CVE-2021-21533
MISC
deltaflow_project -- deltaflow | There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage. | 2021-04-06 | 5 | CVE-2021-28172
MISC
MISC
dmasoftlab -- dma_radius_manager | DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php). | 2021-04-02 | 4.3 | CVE-2021-29011
MISC
MISC
docsifyjs -- docsify | docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character. | 2021-04-02 | 4.3 | CVE-2021-30074
MISC
eng -- knowage | Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter. | 2021-04-05 | 4.3 | CVE-2021-30058
MISC
eng -- knowage | A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report. | 2021-04-05 | 6.5 | CVE-2021-30055
MISC
expresstech -- responsive_menu | In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site. | 2021-04-05 | 6.5 | CVE-2021-24160
CONFIRM
MISC
expresstech -- responsive_menu | In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site. | 2021-04-05 | 6.8 | CVE-2021-24162
CONFIRM
MISC
expresstech -- responsive_menu | In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site. | 2021-04-05 | 6.8 | CVE-2021-24161
CONFIRM
MISC
froala -- froala_editor | Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. | 2021-04-05 | 4.3 | CVE-2021-30109
MISC
MISC
github -- enterprise_server | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program. | 2021-04-02 | 4.3 | CVE-2021-22865
MISC
MISC
MISC
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. | 2021-04-02 | 4.3 | CVE-2021-22200
CONFIRM
MISC
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. | 2021-04-02 | 5 | CVE-2021-22203
CONFIRM
MISC
MISC
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | 2021-04-02 | 4.3 | CVE-2021-22202
CONFIRM
MISC
MISC
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR whose source and target branches point to each other. | 2021-04-02 | 4 | CVE-2021-22197
CONFIRM
MISC
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. | 2021-04-02 | 4 | CVE-2021-22198
CONFIRM
MISC
MISC
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | 2021-04-02 | 4 | CVE-2021-22201
CONFIRM
MISC
MISC
glpi-project -- dashboard | The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. | 2021-04-06 | 4 | CVE-2021-30144
MISC
MISC
jamf -- jamf | Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. | 2021-04-02 | 4.3 | CVE-2021-30125
MISC
lightmeter -- controlcenter | Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query. | 2021-04-02 | 6.4 | CVE-2021-30126
MISC
magnolia-cms -- magnolia_cms | Magnolia CMS contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. | 2021-04-02 | 4.3 | CVE-2021-25894
MISC
MISC
MISC
magpierss_project -- magpierss | Because a curl command in the /extlib/Snoopy.class.inc file of MagpieRSS 0.72 is not validated, a request sent to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page can request any internal page if an HTTPS request is used. | 2021-04-02 | 5 | CVE-2021-28941
MISC
MISC
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party. | 2021-04-06 | 5 | CVE-2021-30158
MISC
DEBIAN
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. | 2021-04-06 | 4.3 | CVE-2021-30157
MISC
DEBIAN
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. | 2021-04-06 | 4.3 | CVE-2021-30154
MISC
DEBIAN
ninjaforms -- ninja_forms | In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection. | 2021-04-05 | 4 | CVE-2021-24164
CONFIRM
MISC
ninjaforms -- ninja_forms | The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. | 2021-04-05 | 6.5 | CVE-2021-24163
CONFIRM
MISC
ninjaforms -- ninja_forms | The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection. | 2021-04-05 | 5.8 | CVE-2021-24166
CONFIRM
MISC
ninjaforms -- ninja_forms | In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. | 2021-04-05 | 5.8 | CVE-2021-24165
CONFIRM
MISC
ocproducts -- composr | Composr 10.0.36 allows XSS in an XML script. | 2021-04-06 | 4.3 | CVE-2021-30150
MISC
MISC
openiam -- openiam | OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. | 2021-04-06 | 5 | CVE-2020-13419
MISC
openiam -- openiam | OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. | 2021-04-06 | 4.3 | CVE-2020-13418
MISC
openiam -- openiam | OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions. | 2021-04-06 | 5.5 | CVE-2020-13422
MISC
piwigo -- piwigo | SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages. | 2021-04-02 | 6.5 | CVE-2021-27973
MISC
pomerium -- pomerium | Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process. | 2021-04-02 | 5.8 | CVE-2021-29652
CONFIRM
pomerium -- pomerium | Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). | 2021-04-02 | 5.8 | CVE-2021-29651
CONFIRM
redmine -- redmine | Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. | 2021-04-06 | 5 | CVE-2020-36308
MISC
redmine -- redmine | Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. | 2021-04-06 | 5 | CVE-2019-25026
MISC
redmine -- redmine | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. | 2021-04-06 | 5 | CVE-2021-30163
MISC
redmine -- redmine | Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. | 2021-04-06 | 4.3 | CVE-2020-36307
MISC
redmine -- redmine | Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. | 2021-04-06 | 4.3 | CVE-2020-36306
MISC
rstudio -- shiny_server | Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. | 2021-04-02 | 5 | CVE-2021-3374
MISC
MISC
sannce -- smart_hd_wifi_security_camera_ean_2_950004_595317_firmware | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating. | 2021-04-02 | 5 | CVE-2019-20464
MISC
sannce -- smart_hd_wifi_security_camera_ean_2_950004_595317_firmware | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality. | 2021-04-02 | 5 | CVE-2019-20465
MISC
serenityos -- serenity | SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file. | 2021-04-06 | 6.8 | CVE-2021-28874
MISC
MISC
MISC
serenityos -- serenity | SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_sequence() function. The attack vector is: Parsing RSA Key ASN.1. | 2021-04-06 | 5 | CVE-2021-27343
MISC
MISC
MISC
softing -- opc_toolbox | A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | 2021-04-02 | 6.8 | CVE-2021-29660
MISC
svelte -- svelte | The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration. | 2021-04-05 | 6.8 | CVE-2021-29261
MISC
MISC
MISC
MISC
MISC
sygnoos -- popup_builder | The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. | 2021-04-05 | 4.3 | CVE-2021-24152
CONFIRM
themeum -- tutor_lms | The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. | 2021-04-05 | 4 | CVE-2021-24181
CONFIRM
MISC
themeum -- tutor_lms | The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. | 2021-04-05 | 4 | CVE-2021-24182
CONFIRM
MISC
themeum -- tutor_lmsThe tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.2021-04-054CVE-2021-24183
CONFIRM
MISC
themeum -- tutor_lmsThe tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.2021-04-054CVE-2021-24185
CONFIRM
MISC
themeum -- tutor_lmsThe tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.2021-04-054CVE-2021-24186
CONFIRM
MISC
themeum -- tutor_lmsSeveral AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions.2021-04-056.5CVE-2021-24184
CONFIRM
MISC
unionpayintl -- union_payUnion Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.2021-04-065CVE-2020-23533
MISC
MISC
MISC
unionpayintl -- union_payUnion Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.2021-04-065CVE-2020-36284
MISC
MISC
MISC
unionpayintl -- union_payUnion Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.2021-04-065CVE-2020-36285
MISC
MISC
MISC
vim_project -- vimVSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration.2021-04-056.8CVE-2021-28832
MISC
MISC
MISC
vm_backups_project -- vm_backupsThe VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user perform unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue.2021-04-054.3CVE-2021-24173
CONFIRM
vm_backups_project -- vm_backupsThe VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user perform unwanted actions, such as generate backups of the DB, plugins, and current .2021-04-054.3CVE-2021-24172
CONFIRM
w1.fi -- hostapdIn wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.2021-04-025CVE-2021-30004
MISC
web-stat -- web-statWhen visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account.2021-04-055CVE-2021-24167
CONFIRM
wire -- wire-webappwire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programmatically in version 2021-03-15-production.0.2021-04-024.3CVE-2021-21400
MISC
MISC
MISC
CONFIRM
wso2 -- api_managerWSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.2021-04-054.3CVE-2020-17453
MISC
MISC
MISC
wuzhicms -- wuzhicmsDirectory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.2021-04-024CVE-2020-21590
MISC
MISC
yomi-search_project -- yomi-searchCross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.2021-04-074.3CVE-2021-20691
MISC
yomi-search_project -- yomi-searchCross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.2021-04-074.3CVE-2021-20690
MISC
yomi-search_project -- yomi-searchCross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.2021-04-074.3CVE-2021-20689
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- ipadosA logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.2021-04-022.1CVE-2021-1769
MISC
MISC
MISC
MISC
apple -- ipadosA lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information.2021-04-022.1CVE-2021-1756
MISC
apple -- ipados"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.2021-04-022.1CVE-2020-29623
FEDORA
FEDORA
MISC
MISC
MISC
apple -- ipadosThis issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state.2021-04-022.7CVE-2020-9978
MISC
MISC
MISC
MISC
MISC
apple -- mac_os_xThis issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences.2021-04-022.1CVE-2020-29621
MISC
apple -- macosA lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.2021-04-022.1CVE-2021-1755
MISC
clogica -- seo_redirectionThe setting page of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin through 6.3 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute.2021-04-053.5CVE-2021-24187
CONFIRM
cm-wp -- social_slider_widgetThe Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized.2021-04-053.5CVE-2021-24196
MISC
CONFIRM
coreftp -- core_ftpBuffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial of service (crash) via a long string in the Setup->Users->Username editbox.2021-04-022.1CVE-2020-21588
MISC
MISC
easy_contact_form_pro_project -- easy_contact_form_proThe Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator.2021-04-053.5CVE-2021-24168
CONFIRM
elementor -- website_builderIn the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.2021-04-053.5CVE-2021-24202
CONFIRM
MISC
elementor -- website_builderIn the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.2021-04-053.5CVE-2021-24204
CONFIRM
MISC
elementor -- website_builderIn the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.2021-04-053.5CVE-2021-24203
CONFIRM
MISC
elementor -- website_builderIn the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.2021-04-053.5CVE-2021-24205
CONFIRM
MISC
elementor -- website_builderIn the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.2021-04-053.5CVE-2021-24201
CONFIRM
MISC
elementor -- website_builderIn the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.2021-04-053.5CVE-2021-24206
CONFIRM
MISC
eng -- knowageKnowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.2021-04-053.5CVE-2021-30056
MISC
eng -- knowageA stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.2021-04-053.5CVE-2021-30057
MISC
gitlab -- gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.2021-04-023.5CVE-2021-22196
CONFIRM
MISC
MISC
ibm -- edge_application_managerIBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441.2021-04-053.5CVE-2020-4792
XF
CONFIRM
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914.2021-04-053.5CVE-2020-4997
XF
CONFIRM
jh_404_logger_project -- jh_404_loggerThe JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.2021-04-053.5CVE-2021-24176
CONFIRM
linux -- linux_kernelAn issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.2021-04-022.1CVE-2021-30002
MISC
MISC
MISC
magnolia-cms -- magnolia_cmsMagnolia CMS From 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.2021-04-023.5CVE-2021-25893
MISC
MISC
MISC
never5 -- related_postsUnvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.2021-04-053.5CVE-2021-24180
CONFIRM
nokia -- g-120w-f_firmwareAn issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.2021-04-023.5CVE-2021-30003
MISC
softing -- opc_toolboxSofting AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.2021-04-023.5CVE-2021-29661
MISC
testimonial_rotator_project -- testimonial_rotatorStored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation.2021-04-053.5CVE-2021-24156
MISC
CONFIRM
themeisle -- orbit_foxOrbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration.2021-04-053.5CVE-2021-24158
CONFIRM
MISC
themeisle -- orbit_foxOrbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious.2021-04-053.5CVE-2021-24157
CONFIRM
MISC
webdesi9 -- file_managerIn the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response.2021-04-053.5CVE-2021-24177
MISC
MISC
CONFIRM
wizconnected -- a60_colors_firmwareAn issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be used for mapping of SSIDs to physical locations.)2021-04-023.3CVE-2020-11922
MISC
wizconnected -- colors_a60_firmwareAn issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device.2021-04-022.1CVE-2020-11924
MISC
wizconnected -- wizAn issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged.2021-04-022.1CVE-2020-11923
MISC
yoast -- yoast_seoA Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting parentheses as well as several functions such as alert, but bypasses were found.2021-04-053.5CVE-2021-24153
MISC
MISC
CONFIRM

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
admin.php -- online_book_store
SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication.2021-04-09not yet calculatedCVE-2020-23763
MISC
MISC
apple -- macos
The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected.2021-04-06not yet calculatedCVE-2021-27899
CONFIRM
apple -- multiple_productsA logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.2021-04-02not yet calculatedCVE-2021-1870
FEDORA
FEDORA
MISC
MISC
apple -- multiple_products
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.2021-04-02not yet calculatedCVE-2021-1801
FEDORA
FEDORA
MISC
MISC
MISC
MISC
apple -- multiple_products
A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.2021-04-02not yet calculatedCVE-2021-1799
FEDORA
FEDORA
MISC
MISC
MISC
MISC
MISC
aprelium -- abyss_web_server
An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. A crafted HTTP request can lead to an out-of-bounds read that crashes the application.2021-04-08not yet calculatedCVE-2021-3328
MISC
archive -- archive
Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archive.2021-04-07not yet calculatedCVE-2021-20692
MISC
MISC
asus -- bmc_firmwareThe SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28189
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.2021-04-06not yet calculatedCVE-2021-28207
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28187
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28185
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.2021-04-06not yet calculatedCVE-2021-28204
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28183
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28198
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28181
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28179
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28178
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28177
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.2021-04-06not yet calculatedCVE-2021-28206
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmwareThe CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28200
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28201
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.2021-04-06not yet calculatedCVE-2021-28208
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.2021-04-06not yet calculatedCVE-2021-28209
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28202
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.2021-04-06not yet calculatedCVE-2021-28203
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.2021-04-06not yet calculatedCVE-2021-28205
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28199
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28197
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28186
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28176
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28182
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28184
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28196
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28188
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28190
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28191
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28192
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28193
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28194
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
 
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28195
CONFIRM
CONFIRM
CONFIRM
asus -- bmc_firmware
 
The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.2021-04-06not yet calculatedCVE-2021-28180
CONFIRM
CONFIRM
CONFIRM
asus -- gputweak_ii
 
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl.2021-04-08not yet calculatedCVE-2021-28685
MISC
MISC
asus -- gputweak_ii
 
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl.2021-04-08not yet calculatedCVE-2021-28686
MISC
MISC
atlassian -- jira_server_and_jira_data_center
 
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.2021-04-09not yet calculatedCVE-2020-36287
MISC
bixby -- bixby
 
Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows an attacker to execute the actions registered by the user.2021-04-09not yet calculatedCVE-2021-25380
CONFIRM
CONFIRM
cern -- indico
 
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.2021-04-07not yet calculatedCVE-2021-30185
MISC
MISC
cisco -- advanced_malware_protection
 
A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system. To exploit this vulnerability, the attacker would need valid credentials on the system. The vulnerability is due to insufficient validation of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on an affected system. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.2021-04-08not yet calculatedCVE-2021-1386
CISCO
cisco -- clam_antivirus
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.2021-04-08not yet calculatedCVE-2021-1405
CISCO
cisco -- clam_antivirus
 
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to hang, resulting in a denial of service condition.2021-04-08not yet calculatedCVE-2021-1252
CISCO
cisco -- clam_antivirus
 
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.0 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in a NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.2021-04-08not yet calculatedCVE-2021-1404
CISCO
cisco -- ios_xr_software
 
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to an affected command. A successful exploit could allow the attacker to execute commands on the underlying Linux OS with root privileges.2021-04-08not yet calculatedCVE-2021-1485
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.2021-04-08not yet calculatedCVE-2021-1415
CISCO
cisco -- multiple_routers
 
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Cisco has not released software updates that address this vulnerability.2021-04-08not yet calculatedCVE-2021-1459
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.2021-04-08not yet calculatedCVE-2021-1414
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.2021-04-08not yet calculatedCVE-2021-1413
CISCO
cisco -- sd-wan
 
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.2021-04-08not yet calculatedCVE-2021-1137
CISCO
cisco -- sd-wan_vmanage_software
 
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.2021-04-08not yet calculatedCVE-2021-1479
CISCO
cisco -- sd-wan_vmanage_software
 
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.2021-04-08not yet calculatedCVE-2021-1480
CISCO
cisco -- small_business_rv_series_routers
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).2021-04-08not yet calculatedCVE-2021-1308
CISCO
cisco -- small_business_rv_series_routers
 
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).2021-04-08not yet calculatedCVE-2021-1251
CISCO
cisco -- small_business_rv_series_routers
 
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).2021-04-08not yet calculatedCVE-2021-1309
CISCO
cisco -- small_business_rv_series_routers
 
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2021-04-08not yet calculatedCVE-2021-1473
CISCO
cisco -- small_business_rv_series_routers
 
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2021-04-08not yet calculatedCVE-2021-1472
CISCO
cisco -- umbrella
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2021-04-08not yet calculatedCVE-2021-1475
CISCO
cisco -- umbrella
 
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2021-04-08not yet calculatedCVE-2021-1474
CISCO
cisco -- unified_communications_manager
A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization.2021-04-08not yet calculatedCVE-2021-1399
CISCO
cisco -- unified_communications_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.2021-04-08not yet calculatedCVE-2021-1380
CISCO
cisco -- unified_communications_manager
 
A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.2021-04-08not yet calculatedCVE-2021-1362
CISCO
cisco -- unified_intelligence_center_software
 
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2021-04-08not yet calculatedCVE-2021-1463
CISCO
cisco -- unified_communications_manager
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.2021-04-08not yet calculatedCVE-2021-1409
CISCO
cisco -- unified_communications_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.2021-04-08not yet calculatedCVE-2021-1408
CISCO
cisco -- unified_communications_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.2021-04-08not yet calculatedCVE-2021-1407
CISCO
cisco -- unified_communications_manager
 
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.2021-04-08not yet calculatedCVE-2021-1406
CISCO
cisco -- webex
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.2021-04-08not yet calculatedCVE-2021-1420
CISCO
cisco -- webex
 
A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they are both participants. A successful exploit could allow the attacker to modify the avatar of the targeted user.2021-04-08not yet calculatedCVE-2021-1467
CISCO
citsmart -- citsmart
 
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."2021-04-06not yet calculatedCVE-2021-28142
MISC
cloud_controller -- cloud_controller
 
Cloud Controller API versions prior to 1.106.0 log service broker credentials if the default value of the db logging config field is changed. The CAPI database logs the service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller.2021-04-08not yet calculatedCVE-2021-22115
MISC
d-link -- dsl-320b-d1_devices
 
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2021-04-07not yet calculatedCVE-2021-26709
MISC
FULLDISC
MISC
MISC
directus -- directus
 
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com).2021-04-07not yet calculatedCVE-2021-29641
MISC
FULLDISC
MISC
MISC
MISC
discord -- recon_server
 
Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server resulting in serious issues. This flaw is patched in 0.0.2.2021-04-09not yet calculatedCVE-2021-21433
MISC
MISC
CONFIRM
django -- django
 
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.2021-04-06not yet calculatedCVE-2021-28658
MISC
MISC
MLIST
CONFIRM
dma -- softlab_radius_manager
 
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.2021-04-07not yet calculatedCVE-2021-30147
MISC
MISC
MISC
dnsmasq -- dnsmasq
 
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.2021-04-08not yet calculatedCVE-2021-3448
MISC
dolby -- audio_x2
 
The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges.2021-04-08not yet calculatedCVE-2021-3146
MISC
dream_report -- r20-1
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability.2021-04-09not yet calculatedCVE-2020-13534
MISC
dream_report -- r20-1
 
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability.2021-04-09not yet calculatedCVE-2020-13532
MISC
dream_report -- r20-1
 
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application.2021-04-09not yet calculatedCVE-2020-13533
MISC
eclipse -- mosquitto
 
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.2021-04-07not yet calculatedCVE-2021-28166
CONFIRM
erlang -- erlang
 
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.2021-04-09not yet calculatedCVE-2021-29221
MISC
MISC
esri -- arcgis_online
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI ArcGIS Online before 10.9 and Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).2021-04-08not yet calculatedCVE-2021-3012
MISC
exiv2 -- exiv2
 
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.2021-04-08not yet calculatedCVE-2021-3482
MISC
ffmpeg -- ffmpeg
 
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.2021-04-07not yet calculatedCVE-2021-30123
MISC
MISC
MISC
forcepoint -- web_security_content_gateway
 
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure.2021-04-08not yet calculatedCVE-2020-6590
CONFIRM
freebsd -- multiple_products
 
In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.2021-04-07not yet calculatedCVE-2020-25584
MISC
freebsd -- multiple_products
 
In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free.2021-04-07not yet calculatedCVE-2021-29627
MISC
freebsd -- multiple_products
 
In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes, allowing an unprivileged process to maintain a mapping after it is freed and to read private data belonging to other processes or the kernel.2021-04-07not yet calculatedCVE-2021-29626
MISC
friendica -- friendica
 
** DISPUTED ** Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users."2021-04-05not yet calculatedCVE-2021-30141
MISC
MISC
gnome -- gnome
 
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.2021-04-07not yet calculatedCVE-2020-36314
MISC
MISC
gnu -- chess
 
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.2021-04-07not yet calculatedCVE-2021-30184
MISC
MISC
google -- chrome
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-04-09not yet calculatedCVE-2021-21197
MISC
MISC
google -- chrome
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.2021-04-09not yet calculatedCVE-2021-21198
MISC
MISC
google -- chrome
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-04-09not yet calculatedCVE-2021-21196
MISC
MISC
google -- chrome
 
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-04-09not yet calculatedCVE-2021-21195
MISC
MISC
google -- chrome
 
Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.2021-04-09not yet calculatedCVE-2021-21199
MISC
MISC
google -- chrome
 
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-04-09not yet calculatedCVE-2021-21194
MISC
MISC
grav_admin_plugin -- grav_admin_plugin
 
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Execution of particular methods will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successful exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, hijack an administrator account, or execute operating system commands in the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.2021-04-07not yet calculatedCVE-2021-21425
CONFIRM
MISC
huawei -- multiple_products
 
There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending a specific message to the affected product. Because the allocated memory is not released properly, a successful exploit may cause some services to become abnormal. Affected products include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.2021-04-08not yet calculatedCVE-2021-22312
MISC
ibm -- websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.2021-04-08not yet calculatedCVE-2021-20480
XF
CONFIRM
ikuaios -- build
 
iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.2021-04-06not yet calculatedCVE-2021-28075
MISC
ibm -- spectrum_scale
 
IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.2021-04-09not yet calculatedCVE-2021-29671
XF
CONFIRM
jenkins -- multiple_products
 
A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to promote builds.2021-04-07not yet calculatedCVE-2021-21641
MLIST
CONFIRM
jenkins -- multiple_products
 
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.2021-04-07not yet calculatedCVE-2021-21640
MLIST
CONFIRM
jenkins -- multiple_products
 
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.2021-04-07not yet calculatedCVE-2021-21639
MLIST
CONFIRM
jsrsasign -- jsrsasign
 
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.2021-04-07not yet calculatedCVE-2021-30246
MISC
MISC
MISC
larsens -- calender
 
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.2021-04-09not yet calculatedCVE-2020-23762
MISC
MISC
learnsite -- learnsite
 
Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained.2021-04-08not yet calculatedCVE-2021-27522
MISC
lg -- mobile_devices
An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021).2021-04-06not yet calculatedCVE-2021-30161
MISC
lg -- mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).2021-04-06not yet calculatedCVE-2021-30162
MISC
libretro -- retroarch
 
The text-to-speech engine in libretro RetroArch for Windows 0.11 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially crafted file and directory names.2021-04-07not yet calculatedCVE-2021-28927
MISC
MISC
MISC
linux -- linux_kernel
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.2021-04-07not yet calculatedCVE-2020-36312
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.2021-04-07not yet calculatedCVE-2020-36310
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.2021-04-07not yet calculatedCVE-2021-30178
MISC
linux -- linux_kernel
 
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.2021-04-06not yet calculatedCVE-2021-28688
MISC
linux -- linux_kernel
 
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.2021-04-08not yet calculatedCVE-2021-29154
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.2021-04-07not yet calculatedCVE-2020-36311
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.2021-04-07not yet calculatedCVE-2020-36313
MISC
MISC
liquidfiles -- liquidfiles
 
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5.2021-04-06not yet calculatedCVE-2021-30140
MISC
MISC
MISC
litespeed_technologies -- openlitespeed_web_server
 
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.2021-04-07not yet calculatedCVE-2021-26758
MISC
CONFIRM
EXPLOIT-DB
magazinerz -- magazinerz
 
Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remote attackers to inject an arbitrary script via unspecified vectors.2021-04-07not yet calculatedCVE-2021-20684
MISC
manageengine -- servicedesk_plus
 
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.2021-04-09not yet calculatedCVE-2021-20080
MISC
mark_text -- mark_text
 
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.2021-04-05not yet calculatedCVE-2021-29996
MISC
mediawiki -- mediawiki
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.2021-04-09not yet calculatedCVE-2021-30152
MISC
DEBIAN
mediawiki -- mediawiki
 
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master.2021-04-09not yet calculatedCVE-2021-30159
MISC
DEBIAN
mediawiki -- mediawiki
 
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.2021-04-09not yet calculatedCVE-2021-30156
MISC
mediawiki -- mediawiki
 
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.2021-04-09not yet calculatedCVE-2021-30155
MISC
DEBIAN
micro_focus -- application_automation_tools_plugin
Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.2021-04-08not yet calculatedCVE-2021-22513
MISC
micro_focus -- application_automation_tools_plugin
 
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks.2021-04-08not yet calculatedCVE-2021-22512
MISC
micro_focus -- application_automation_tools_plugin
 
Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditional disabling of SSL/TLS certificates.2021-04-08not yet calculatedCVE-2021-22511
MISC
micro_focus -- application_automation_tools_plugin
 
Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions.2021-04-08not yet calculatedCVE-2021-22510
MISC
micro_focus -- operations_bridge_manager
 
Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authentication and get unauthorized access.2021-04-08not yet calculatedCVE-2021-22507
MISC
mitake -- mitake
 
Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction records and conduct fraudulent trading without logging in.2021-04-08not yet calculatedCVE-2021-28174
MISC
mongodb -- compass
 
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows.2021-04-06not yet calculatedCVE-2021-20334
MISC
mozilla -- firefox

 

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.2021-04-07not yet calculatedCVE-2013-1055
UBUNTU
UBUNTU
mozilla -- firefox
 
The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.2021-04-07not yet calculatedCVE-2013-1054
UBUNTU
UBUNTU
nagios -- network_analyzer
SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.2021-04-08not yet calculatedCVE-2021-28925
MISC
MISC
nagios -- network_analyzer
 
Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.2021-04-08not yet calculatedCVE-2021-28924
MISC
MISC
openresty -- openresty
 
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.2021-04-06not yet calculatedCVE-2020-36309
MISC
MISC
MISC
perl -- perl
 
The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.2021-04-06not yet calculatedCVE-2021-29424
MISC
FEDORA
FEDORA
FEDORA
MISC
php-nuke -- php-nuke
 
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.2021-04-07not yet calculatedCVE-2021-30177
MISC
phpseclib -- phpseclib
 
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.2021-04-06not yet calculatedCVE-2021-30130
MISC
CONFIRM
CONFIRM
projen -- projen
 
`projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typed definition written in JavaScript. Users of projen's `NodeProject` project type (including any project type derived from it) include a `.github/workflows/rebuild-bot.yml` workflow that may allow any GitHub user to trigger execution of un-trusted code in the context of the "main" repository (as opposed to that of a fork). In some situations, such untrusted code may potentially be able to commit to the "main" repository. The rebuild-bot workflow is triggered by comments including `@projen rebuild` on pull-request to trigger a re-build of the projen project, and updating the pull request with the updated files. This workflow is triggered by an `issue_comment` event, and thus always executes with a `GITHUB_TOKEN` belonging to the repository into which the pull-request is made (this is in contrast with workflows triggered by `pull_request` events, which always execute with a `GITHUB_TOKEN` belonging to the repository from which the pull-request is made). Repositories that do not have branch protection configured on their default branch (typically `main` or `master`) could possibly allow an untrusted user to gain access to secrets configured on the repository (such as NPM tokens, etc). Branch protection prohibits this escalation, as the managed `GITHUB_TOKEN` would not be able to modify the contents of a protected branch and affected workflows must be defined on the default branch.2021-04-06not yet calculatedCVE-2021-21423
MISC
CONFIRM
MISC
proofpoint -- insider_threat_management_server
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected.2021-04-06not yet calculatedCVE-2021-22158
CONFIRM
proofpoint -- insider_threat_management_server
 
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected.2021-04-06not yet calculatedCVE-2021-27900
CONFIRM
proofpoint -- insider_threat_management_server
 
Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS.2021-04-06not yet calculatedCVE-2021-22157
CONFIRM
qualcomm -- multiple_snapdragon_products
Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile2021-04-07not yet calculatedCVE-2020-11237
CONFIRM
qualcomm -- multiple_snapdragon_products
Denial of service while processing RTCP packets containing multiple SDES reports because memory for the last SDES packet is freed and the rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables2021-04-07not yet calculatedCVE-2020-11255
CONFIRM
qualcomm -- multiple_snapdragon_products
Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking2021-04-07not yet calculatedCVE-2020-11245
CONFIRM
qualcomm -- multiple_snapdragon_products
Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-04-07not yet calculatedCVE-2020-11247
CONFIRM
qualcomm -- multiple_snapdragon_products
Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile2021-04-07not yet calculatedCVE-2020-11231
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking2021-04-07not yet calculatedCVE-2021-1892
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking2021-04-07not yet calculatedCVE-2020-11210
CONFIRM
qualcomm -- multiple_snapdragon_products
 
User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile2021-04-07not yet calculatedCVE-2020-11242
CONFIRM
qualcomm -- multiple_snapdragon_products
 
RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile2021-04-07not yet calculatedCVE-2020-11243
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile2021-04-07not yet calculatedCVE-2020-11236
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Trustzone initialization code will disable xPUs when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-04-07not yet calculatedCVE-2020-11252
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-04-07not yet calculatedCVE-2020-11251
CONFIRM
qualcomm -- multiple_snapdragon_products
 
When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-04-07not yet calculatedCVE-2020-11234
CONFIRM
qualcomm -- multiple_snapdragon_products
 
A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile2021-04-07not yet calculatedCVE-2020-11246
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2021-04-07not yet calculatedCVE-2020-11191
CONFIRM
ranker -- ranker
 
Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors.2021-04-07not yet calculatedCVE-2021-20688
MISC
realtek -- rtl8723de_ble_stack
 
An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message.2021-04-08not yet calculatedCVE-2020-23539
MISC
red_hat -- red-Hat
 
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.2021-04-08not yet calculatedCVE-2021-3413
MISC
relic -- relic
 
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number.2021-04-07not yet calculatedCVE-2020-36315
MISC
MISC
MISC
MISC
relic -- relic
 
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.2021-04-07not yet calculatedCVE-2020-36316
MISC
MISC
MISC
MISC
rukovoditel -- project_management_app
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.2021-04-09not yet calculatedCVE-2020-13592
MISC
rukovoditel -- project_management_app
 
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.2021-04-09not yet calculatedCVE-2020-13587
MISC
rukovoditel -- project_management_app
 
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.2021-04-09not yet calculatedCVE-2020-13591
MISC
rust -- id-map
 
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl.2021-04-07not yet calculatedCVE-2021-30457
MISC
rust -- id-map
 
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function.2021-04-07not yet calculatedCVE-2021-30456
MISC
rust -- id-map
 
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic.2021-04-07not yet calculatedCVE-2021-30455
MISC
rust -- outer_cgi
 
An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. A user-provided Read instance receives an uninitialized memory buffer from KeyValueReader.2021-04-07not yet calculatedCVE-2021-30454
MISC
samsung -- mobile
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.2021-04-09not yet calculatedCVE-2021-25362
CONFIRM
CONFIRM
samsung -- mobile

 

An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.2021-04-09not yet calculatedCVE-2021-25363
CONFIRM
CONFIRM
samsung -- mobile

 

Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of other emails when users open the malicious attachment.2021-04-09not yet calculatedCVE-2021-25375
CONFIRM
CONFIRM
samsung -- mobile

 

An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access user data related to Samsung Account.2021-04-09not yet calculatedCVE-2021-25374
CONFIRM
CONFIRM
samsung -- mobile

 

Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.2021-04-09not yet calculatedCVE-2021-25379
CONFIRM
CONFIRM
samsung -- mobile

 

An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.2021-04-09not yet calculatedCVE-2021-25361
CONFIRM
CONFIRM
samsung -- mobile

 

A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10.0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.2021-04-09not yet calculatedCVE-2021-25357
CONFIRM
CONFIRM
samsung -- mobile

 

An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged applications to install arbitrary applications, grant device admin permission and then delete several installed applications.2021-04-09not yet calculatedCVE-2021-25356
CONFIRM
CONFIRM
samsung -- mobile
 
An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in a certain mailbox in plain text when STARTTLS negotiation fails.2021-04-09not yet calculatedCVE-2021-25376
CONFIRM
CONFIRM
samsung -- mobile
 
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.2021-04-09not yet calculatedCVE-2021-25373
CONFIRM
CONFIRM
samsung -- mobile
 
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) and below, and 12.2.0.5 in Android Q(10.0) and above allows attacker to execute privileged action.2021-04-09not yet calculatedCVE-2021-25377
CONFIRM
CONFIRM
samsung -- mobile
 
Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.2021-04-09not yet calculatedCVE-2021-25378
CONFIRM
CONFIRM
samsung -- mobile
 
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.2021-04-09not yet calculatedCVE-2021-25364
CONFIRM
CONFIRM
samsung -- mobile
 
An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.2021-04-09not yet calculatedCVE-2021-25365
CONFIRM
CONFIRM
samsung -- mobile
 
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.2021-04-09not yet calculatedCVE-2021-25381
CONFIRM
CONFIRM
samsung -- mobile
 
An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.2021-04-09not yet calculatedCVE-2021-25360
CONFIRM
CONFIRM
samsung -- mobile
 
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.2021-04-09not yet calculatedCVE-2021-25359
CONFIRM
CONFIRM
samsung -- mobile
 
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.2021-04-09not yet calculatedCVE-2021-25358
CONFIRM
CONFIRM
seafile -- seafile
 
Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality."2021-04-06not yet calculatedCVE-2021-30146
MISC
serenityos -- serenityos
 
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function.2021-04-06not yet calculatedCVE-2021-30045
MISC
MISC
MISC
skyworth_digital_technology -- rn510
 
Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in /cgi-bin/test_version.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed.2021-04-09not yet calculatedCVE-2021-25326
MISC
skyworth_digital_technology -- rn510
 
Skyworth Digital Technology RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to the endpoint which can lead to a denial of service (DoS) or possible code execution on the device.2021-04-09not yet calculatedCVE-2021-25328
MISC
skyworth_digital_technology -- rn510
 
Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS).2021-04-09not yet calculatedCVE-2021-25327
MISC
sonicwall -- email_security
 
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.2021-04-09not yet calculatedCVE-2021-20021
CONFIRM
sonicwall -- email_security
 
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.2021-04-09not yet calculatedCVE-2021-20022
CONFIRM
sonicwall -- gms
 
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.2021-04-10not yet calculatedCVE-2021-20020
CONFIRM
sopel-channelmgnt -- sopel-channelmgnt
 
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RFCs, we have no POC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1.2021-04-09not yet calculatedCVE-2021-21431
MISC
CONFIRM
MISC
squirro -- insights_engine
 
The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content. The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.2021-04-08not yet calculatedCVE-2021-27945
CONFIRM
subrion -- cms_version
 
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.2021-04-09not yet calculatedCVE-2020-23761
MISC
MISC
syncthing -- syncthing
 
Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0.2021-04-06not yet calculatedCVE-2021-21404
MISC
MISC
CONFIRM
MISC
teradici -- pcoip_connection_manager_and_security_gateway
 
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.2021-04-06not yet calculatedCVE-2021-25692
MISC
timelybills -- timelybills
 
Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows an attacker who can locally read a user's files to obtain JWT tokens for the user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens, as a JWT is signed and encoded, not encrypted.2021-04-06not yet calculatedCVE-2021-26833
MISC
umoci -- umoci
 
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.2021-04-06not yet calculatedCVE-2021-29136
MISC
CONFIRM
CONFIRM
unibox -- u-50_and_enterprise_series
 
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.2021-04-09not yet calculatedCVE-2020-21884
MISC
MISC
MISC
unibox -- u-50_and_enterprise_series
 
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover.2021-04-09not yet calculatedCVE-2020-21883
MISC
MISC
MISC
valve_stream -- valve_stream
 
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.2021-04-10not yet calculatedCVE-2021-30481
MISC
MISC
MISC
MISC
vela -- vela
 
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc` file. Refer to the referenced GitHub Security Advisory for complete details. This is fixed in version 0.7.5.2021-04-09not yet calculatedCVE-2021-21432
MISC
MISC
MISC
CONFIRM
MISC
vestacp -- vestacp
 
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely.2021-04-08not yet calculatedCVE-2021-30463
MISC
vestacp -- vestacp
 
VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts.2021-04-08not yet calculatedCVE-2021-30462
MISC
vigra -- computer_vision_library
 
VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service.2021-04-06not yet calculatedCVE-2021-30046
MISC
wcms -- wcmsCross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.2021-04-07not yet calculatedCVE-2020-24138
MISC
wcms -- wcmsServer-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports and local network hosts, and execute commands on local services.2021-04-07not yet calculatedCVE-2020-24139
MISC
wcms -- wcmsDirectory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.2021-04-07not yet calculatedCVE-2020-24137
MISC
wcms -- wcms
 
Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.2021-04-07not yet calculatedCVE-2020-24136
MISC
wcms -- wcms
 
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports and local network hosts, and execute commands on local services.2021-04-07not yet calculatedCVE-2020-24140
MISC
wcms -- wcms
 
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.2021-04-07not yet calculatedCVE-2020-24135
MISC
web-school_erp -- web_school_erpA blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and send the victim's information to the attacker's website.2021-04-08not yet calculatedCVE-2021-30113
MISC
MISC
MISC
web-school_erp -- web_school_erp
 
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.2021-04-08not yet calculatedCVE-2021-30112
MISC
MISC
MISC
web-school_erp -- web_school_erp
 
A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed.2021-04-08not yet calculatedCVE-2021-30111
MISC
MISC
MISC
web-school_erp -- web_school_erp
 
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege.2021-04-08not yet calculatedCVE-2021-30114
MISC
MISC
MISC
whatsapp -- whatsapp
 
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.2021-04-06not yet calculatedCVE-2021-24027
CONFIRM
whatsapp -- whatsapp
 
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.2021-04-06not yet calculatedCVE-2021-24026
CONFIRM
wikimedia -- parsoid
 
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS.2021-04-09not yet calculatedCVE-2021-30458
MISC
MISC
wordpress -- wordpressThe editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action.2021-04-05not yet calculatedCVE-2021-24208
CONFIRM
MISC
wordpress -- wordpressBy default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts and pages - user roles must be specifically blocked from editing posts and pages.2021-04-05not yet calculatedCVE-2021-24207
CONFIRM
MISC
wordpress -- wordpressThe WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting this, an attacker will be able to execute JavaScript code in the user's browser.2021-04-05not yet calculatedCVE-2021-24211
CONFIRM
wordpress -- wordpressThe WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.2021-04-05not yet calculatedCVE-2021-24212
MISC
CONFIRM
wordpress -- wordpressThe Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd2021-04-05not yet calculatedCVE-2021-24154
CONFIRM
wordpress -- wordpress
 
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only goes to whitelisted pages, but it's possible to redirect the victim to any domain.2021-04-05not yet calculatedCVE-2021-24210
MISC
CONFIRM
wordpress -- wordpress
 
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter.2021-04-05not yet calculatedCVE-2021-24171
CONFIRM
MISC
wordpress -- wordpress
 
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript.2021-04-05not yet calculatedCVE-2021-24159
CONFIRM
MISC
wordpress -- wordpress
 
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.2021-04-05not yet calculatedCVE-2021-24209
MISC
MISC
CONFIRM
wordpress -- wordpress
 
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.2021-04-05not yet calculatedCVE-2021-24155
CONFIRM
wordpress -- wordpress
 
The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).2021-04-05not yet calculatedCVE-2021-24150
CONFIRM
xiaomi -- ax1800_routers
 
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.2021-04-08not yet calculatedCVE-2020-14099
MISC
xiaomi -- ax3600_routers
 
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50.2021-04-08not yet calculatedCVE-2020-14104
MISC
xiaomi -- mobile_phones
 
The application in the mobile phone can gain unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26.2021-04-08not yet calculatedCVE-2020-14106
MISC
xiaomi -- mobile_phones
 
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.2021-04-08not yet calculatedCVE-2020-14103
MISC
zoom -- zoom
 
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.2021-04-09not yet calculatedCVE-2021-30480
MISC
MISC
MISC
MISC
MISC
MISC
zte -- zxa10_c300mA ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8.2021-04-09not yet calculatedCVE-2021-21728
MISC
zzcms -- zzcms
 
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.2021-04-08not yet calculatedCVE-2020-23426
MISC
