Vulnerability Summary for the Week of April 5, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- ipad_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 7.5 | CVE-2021-1794 MISC |
apple -- ipad_os | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 7.5 | CVE-2021-1796 MISC |
apple -- ipad_os | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2021-04-02 | 7.5 | CVE-2021-1818 MISC MISC MISC MISC |
apple -- ipad_os | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 7.5 | CVE-2021-1795 MISC |
apple -- ipados | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-9975 MISC MISC MISC MISC MISC |
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption. | 2021-04-02 | 9.3 | CVE-2021-1767 MISC MISC |
apple -- ipados | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2021-04-02 | 9.3 | CVE-2021-1763 MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 9.3 | CVE-2021-1758 MISC MISC MISC MISC |
apple -- ipados | Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2021-1750 MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory. | 2021-04-02 | 7.1 | CVE-2021-1791 MISC MISC MISC MISC |
apple -- ipados | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | 2021-04-02 | 9.3 | CVE-2020-9967 MISC MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 9.3 | CVE-2021-1759 MISC MISC MISC |
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-27947 MISC |
apple -- mac_os_x | A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-27921 MISC MISC |
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. | 2021-04-02 | 9.3 | CVE-2020-27915 MISC MISC |
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. | 2021-04-02 | 9.3 | CVE-2020-27914 MISC MISC |
apple -- mac_os_x | A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges. | 2021-04-02 | 9.3 | CVE-2021-1779 MISC |
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2021-1805 MISC |
apple -- mac_os_x | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to execute arbitrary code with system privileges. | 2021-04-02 | 9.3 | CVE-2020-29612 MISC |
apple -- mac_os_x | A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 7.6 | CVE-2021-1806 MISC |
apple -- mac_os_x | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-10015 MISC MISC |
apple -- mac_os_x | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-27897 MISC MISC |
apple -- macos | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-27907 MISC MISC |
apple -- maos | A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. | 2021-04-02 | 9.3 | CVE-2020-27941 MISC |
cohesity -- cohesity_dataplatform | Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version. | 2021-04-02 | 7.5 | CVE-2021-28123 CONFIRM |
coreftp -- core_ftp | Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. | 2021-04-05 | 7.5 | CVE-2020-19596 MISC |
deltaflow_project -- deltaflow | The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie. | 2021-04-06 | 7.5 | CVE-2021-28171 MISC MISC |
deltaflow_project -- deltaflow | The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login. | 2021-04-06 | 7.5 | CVE-2021-28173 MISC MISC |
dlink -- dir-846_firmware | HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. | 2021-04-02 | 10 | CVE-2020-27600 MISC MISC MISC |
dlink -- dir-878_firmware | An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication. | 2021-04-02 | 7.5 | CVE-2021-30072 MISC MISC |
dmasoftlab -- dma_radius_manager | DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen. | 2021-04-02 | 7.5 | CVE-2021-29012 MISC MISC |
emlog -- emlog | Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module. | 2021-04-02 | 7.5 | CVE-2020-21585 MISC MISC |
htmldoc_project -- htmldoc | Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. | 2021-04-05 | 7.5 | CVE-2021-20308 MISC MISC |
latrix_project -- latrix | An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution. | 2021-04-02 | 7.5 | CVE-2021-30000 MISC MISC |
libpano13_project -- libpano13 | Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. | 2021-04-05 | 7.5 | CVE-2021-20307 MISC MISC |
luvion -- grand_elite_3_connect_firmware | An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model. | 2021-04-02 | 8.3 | CVE-2020-11925 MISC |
magpierss_project -- magpierss | Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands. | 2021-04-02 | 7.5 | CVE-2021-28940 MISC MISC |
nettle_project -- nettle | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. | 2021-04-05 | 7.5 | CVE-2021-20305 MISC |
ocproducts -- composr | Composr 10.0.36 allows upload and execution of PHP files. | 2021-04-06 | 7.5 | CVE-2021-30149 MISC MISC |
okta -- access_gateway | A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. | 2021-04-02 | 9 | CVE-2021-28113 CONFIRM |
openiam -- openiam | OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. | 2021-04-06 | 7.5 | CVE-2020-13420 MISC |
openiam -- openiam | OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions. | 2021-04-06 | 7.5 | CVE-2020-13421 MISC |
posimyth -- the_plus_addons_for_elementor | The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active. | 2021-04-05 | 7.5 | CVE-2021-24175 MISC CONFIRM MISC |
redmine -- redmine | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. | 2021-04-06 | 7.5 | CVE-2021-30164 MISC |
riot-os -- riot | RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function. | 2021-04-06 | 7.5 | CVE-2021-27697 MISC |
riot-os -- riot | RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function. | 2021-04-06 | 7.5 | CVE-2021-27698 MISC |
riot-os -- riot | RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. | 2021-04-06 | 7.5 | CVE-2021-27357 MISC |
sannce -- smart_hd_wifi_security_camera_ean_2_950004_595317_firmware | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically. | 2021-04-02 | 7.8 | CVE-2019-20463 MISC |
sannce -- smart_hd_wifi_security_camera_ean_2_950004_595317_firmware | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device. | 2021-04-02 | 7.2 | CVE-2019-20466 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
algolplus -- advanced_order_export | This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. | 2021-04-05 | 4.3 | CVE-2021-24169 CONFIRM |
apache -- cxf | CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10. | 2021-04-02 | 5 | CVE-2021-22696 MLIST CONFIRM MLIST MLIST MLIST MLIST |
apple -- icloud | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption. | 2021-04-02 | 6.8 | CVE-2020-29617 MISC MISC MISC MISC MISC |
apple -- icloud | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption. | 2021-04-02 | 6.8 | CVE-2020-29619 MISC MISC MISC MISC MISC |
apple -- icloud | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-29618 MISC MISC MISC MISC MISC |
apple -- icloud | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-9926 MISC MISC MISC MISC MISC |
apple -- icloud | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-29611 MISC MISC MISC MISC MISC |
apple -- icloud | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27933 MISC MISC MISC MISC MISC |
apple -- ipad_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27908 MISC MISC MISC MISC MISC |
apple -- ipad_os | This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.. | 2021-04-02 | 4.3 | CVE-2021-1879 MISC MISC MISC |
apple -- ipad_os | A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27944 MISC MISC MISC MISC |
apple -- ipad_os | A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27943 MISC MISC MISC MISC |
apple -- ipad_os | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges. | 2021-04-02 | 4.6 | CVE-2020-27899 MISC MISC MISC MISC |
apple -- ipad_os | Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions. | 2021-04-02 | 4.3 | CVE-2020-27935 MISC MISC MISC MISC |
apple -- ipados | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1789 FEDORA FEDORA MISC MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1792 MISC MISC MISC MISC |
apple -- ipados | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain. | 2021-04-02 | 4.3 | CVE-2020-29613 MISC |
apple -- ipados | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1788 FEDORA MISC MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1785 MISC MISC MISC MISC |
apple -- ipados | An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1783 MISC MISC MISC MISC |
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1777 MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1776 MISC MISC MISC MISC |
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1774 MISC MISC MISC MISC |
apple -- ipados | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. | 2021-04-02 | 5 | CVE-2021-1764 MISC MISC MISC MISC |
apple -- ipados | A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.. | 2021-04-02 | 6.9 | CVE-2021-1782 MISC MISC MISC MISC |
apple -- ipados | A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A malicious application may be able to leak sensitive user information. | 2021-04-02 | 4.3 | CVE-2021-1781 MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1768 MISC MISC |
apple -- ipados | An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. | 2021-04-02 | 4.3 | CVE-2021-1778 MISC MISC MISC MISC |
apple -- ipados | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. | 2021-04-02 | 4.3 | CVE-2021-1773 MISC MISC MISC MISC |
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. | 2021-04-02 | 4.3 | CVE-2021-1766 MISC MISC MISC MISC |
apple -- ipados | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information. | 2021-04-02 | 4.3 | CVE-2021-1760 MISC MISC MISC MISC |
apple -- ipados | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack. | 2021-04-02 | 4.9 | CVE-2021-1780 MISC |
apple -- ipados | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files. | 2021-04-02 | 4.9 | CVE-2021-1786 MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges. | 2021-04-02 | 4.6 | CVE-2021-1757 MISC MISC MISC MISC |
apple -- ipados | Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges. | 2021-04-02 | 4.6 | CVE-2021-1787 MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory. | 2021-04-02 | 4.3 | CVE-2020-29639 MISC |
apple -- ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service. | 2021-04-02 | 4.3 | CVE-2020-29615 MISC MISC MISC MISC |
apple -- ipados | An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory. | 2021-04-02 | 4.3 | CVE-2020-27946 MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory. | 2021-04-02 | 4.3 | CVE-2020-29608 MISC MISC MISC MISC MISC |
apple -- ipados | A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1772 MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory. | 2021-04-02 | 4.3 | CVE-2020-29610 MISC MISC MISC MISC |
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1754 MISC MISC MISC MISC |
apple -- ipados | A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges. | 2021-04-02 | 6.8 | CVE-2020-9971 MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27948 MISC MISC MISC MISC |
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation. | 2021-04-02 | 6.8 | CVE-2020-27951 MISC MISC MISC MISC |
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted file may lead to heap corruption. | 2021-04-02 | 6.8 | CVE-2020-29614 MISC MISC MISC MISC |
apple -- ipados | A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-29624 MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-9955 MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-9956 MISC MISC MISC MISC MISC |
apple -- ipados | A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. | 2021-04-02 | 6.8 | CVE-2021-1748 MISC MISC MISC |
apple -- ipados | A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-9962 MISC MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-9960 MISC MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1741 MISC MISC MISC MISC |
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1742 MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1743 MISC MISC MISC MISC |
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1746 MISC MISC MISC MISC |
apple -- ipados | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing maliciously crafted web content may lead to code execution. | 2021-04-02 | 6.8 | CVE-2021-1747 MISC MISC MISC MISC |
apple -- mac_os_x | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-29625 MISC |
apple -- mac_os_x | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to access private information. | 2021-04-02 | 4.3 | CVE-2020-27937 MISC MISC |
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1738 MISC |
apple -- mac_os_x | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content may lead to code execution. | 2021-04-02 | 6.8 | CVE-2020-27920 MISC MISC MISC MISC MISC |
apple -- mac_os_x | This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. | 2021-04-02 | 6.8 | CVE-2020-29620 MISC |
apple -- mac_os_x | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27922 MISC MISC MISC MISC MISC |
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-29616 MISC |
apple -- mac_os_x | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1775 MISC |
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27952 MISC MISC |
apple -- mac_os_x | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. | 2021-04-02 | 4.3 | CVE-2021-1765 FEDORA FEDORA MISC |
apple -- mac_os_x | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27945 MISC MISC |
apple -- mac_os_x | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1736 MISC |
apple -- mac_os_x | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. | 2021-04-02 | 4.6 | CVE-2021-1751 MISC |
apple -- mac_os_x | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. | 2021-04-02 | 6.8 | CVE-2020-27938 MISC MISC |
apple -- mac_os_x | A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27931 MISC MISC MISC MISC MISC |
apple -- mac_os_x | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A local attacker may be able to elevate their privileges. | 2021-04-02 | 4.6 | CVE-2021-1802 MISC |
apple -- mac_os_x | An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged network position may be able to bypass authentication policy. | 2021-04-02 | 6.5 | CVE-2020-29633 MISC MISC |
apple -- mac_os_x | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A local user may be able to cause unexpected system termination or read kernel memory. | 2021-04-02 | 6.6 | CVE-2020-9930 MISC |
apple -- mac_os_x | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. | 2021-04-02 | 6.6 | CVE-2020-27936 MISC |
apple -- mac_os_x | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace. | 2021-04-02 | 4.3 | CVE-2020-27949 MISC |
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27919 MISC MISC |
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1737 MISC |
apple -- mac_os_x | An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. | 2021-04-02 | 4.3 | CVE-2020-10001 MISC |
apple -- mac_os_x | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27924 MISC MISC MISC MISC MISC |
apple -- mac_os_x | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27923 MISC MISC MISC MISC MISC |
apple -- macos | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1. A malicious application with root privileges may be able to access private information. | 2021-04-02 | 4.3 | CVE-2020-10008 MISC |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2020-27939 MISC |
apple -- macos | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. | 2021-04-02 | 4.3 | CVE-2020-27901 MISC MISC |
apple -- macos | The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A local application may be able to enumerate the user's iCloud documents. | 2021-04-02 | 4.3 | CVE-2021-1803 MISC |
apple -- macos | An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user's screen. | 2021-04-02 | 4 | CVE-2020-27893 MISC |
apple -- macos_server | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. | 2021-04-02 | 5.8 | CVE-2020-9995 MISC |
apple -- safari | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-04-02 | 6.8 | CVE-2021-1844 FEDORA MISC MISC MISC MISC |
apple -- xcode | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode. | 2021-04-02 | 4.3 | CVE-2021-1800 MISC |
asus -- z10pr-d16_firmware | The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | 4 | CVE-2021-28175 CONFIRM CONFIRM CONFIRM |
cohesity -- cohesity_dataplatform | A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster. | 2021-04-02 | 4.3 | CVE-2021-28124 CONFIRM |
contribsys -- sidekiq | Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | 2021-04-06 | 4.3 | CVE-2021-30151 MISC |
coreftp -- core_ftp | Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username. | 2021-04-05 | 5 | CVE-2020-19595 MISC |
cozmoslabs -- user_profile_picture | The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information. | 2021-04-05 | 5 | CVE-2021-24170 CONFIRM MISC |
daifukuya -- kagemai | Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-04-07 | 4.3 | CVE-2021-20685 MISC |
daifukuya -- kagemai | Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2021-04-07 | 6.8 | CVE-2021-20687 MISC |
daifukuya -- kagemai | Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-04-07 | 4.3 | CVE-2021-20686 MISC |
database-backups_project -- database-backups | The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups. | 2021-04-05 | 5.8 | CVE-2021-24174 CONFIRM |
dell -- system_update | Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application. | 2021-04-02 | 4.9 | CVE-2021-21529 MISC |
dell -- wyse_management_suite | Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details | 2021-04-02 | 4 | CVE-2021-21533 MISC |
deltaflow_project -- deltaflow | There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage. | 2021-04-06 | 5 | CVE-2021-28172 MISC MISC |
dmasoftlab -- dma_radius_manager | DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php). | 2021-04-02 | 4.3 | CVE-2021-29011 MISC MISC |
docsifyjs -- docsify | docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character. | 2021-04-02 | 4.3 | CVE-2021-30074 MISC |
eng -- knowage | Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter. | 2021-04-05 | 4.3 | CVE-2021-30058 MISC |
eng -- knowage | A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report. | 2021-04-05 | 6.5 | CVE-2021-30055 MISC |
expresstech -- responsive_menu | In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site. | 2021-04-05 | 6.5 | CVE-2021-24160 CONFIRM MISC |
expresstech -- responsive_menu | In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site. | 2021-04-05 | 6.8 | CVE-2021-24162 CONFIRM MISC |
expresstech -- responsive_menu | In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site. | 2021-04-05 | 6.8 | CVE-2021-24161 CONFIRM MISC |
froala -- froala_editor | Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. | 2021-04-05 | 4.3 | CVE-2021-30109 MISC MISC |
github -- enterprise_server | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program. | 2021-04-02 | 4.3 | CVE-2021-22865 MISC MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. | 2021-04-02 | 4.3 | CVE-2021-22200 CONFIRM MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. | 2021-04-02 | 5 | CVE-2021-22203 CONFIRM MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | 2021-04-02 | 4.3 | CVE-2021-22202 CONFIRM MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other | 2021-04-02 | 4 | CVE-2021-22197 CONFIRM MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. | 2021-04-02 | 4 | CVE-2021-22198 CONFIRM MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | 2021-04-02 | 4 | CVE-2021-22201 CONFIRM MISC MISC |
glpi-project -- dashboard | The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. | 2021-04-06 | 4 | CVE-2021-30144 MISC MISC |
jamf -- jamf | Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. | 2021-04-02 | 4.3 | CVE-2021-30125 MISC |
lightmeter -- controlcenter | Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query. | 2021-04-02 | 6.4 | CVE-2021-30126 MISC |
magnolia-cms -- magnolia_cms | Magnolia CMS contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. | 2021-04-02 | 4.3 | CVE-2021-25894 MISC MISC MISC |
magpierss_project -- magpierss | Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request. | 2021-04-02 | 5 | CVE-2021-28941 MISC MISC |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party. | 2021-04-06 | 5 | CVE-2021-30158 MISC DEBIAN |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. | 2021-04-06 | 4.3 | CVE-2021-30157 MISC DEBIAN |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. | 2021-04-06 | 4.3 | CVE-2021-30154 MISC DEBIAN |
ninjaforms -- ninja_forms | In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection. | 2021-04-05 | 4 | CVE-2021-24164 CONFIRM MISC |
ninjaforms -- ninja_forms | The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. | 2021-04-05 | 6.5 | CVE-2021-24163 CONFIRM MISC |
ninjaforms -- ninja_forms | The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection. | 2021-04-05 | 5.8 | CVE-2021-24166 CONFIRM MISC |
ninjaforms -- ninja_forms | In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. | 2021-04-05 | 5.8 | CVE-2021-24165 CONFIRM MISC |
ocproducts -- composr | Composr 10.0.36 allows XSS in an XML script. | 2021-04-06 | 4.3 | CVE-2021-30150 MISC MISC |
openiam -- openiam | OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. | 2021-04-06 | 5 | CVE-2020-13419 MISC |
openiam -- openiam | OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. | 2021-04-06 | 4.3 | CVE-2020-13418 MISC |
openiam -- openiam | OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions. | 2021-04-06 | 5.5 | CVE-2020-13422 MISC |
piwigo -- piwigo | SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages. | 2021-04-02 | 6.5 | CVE-2021-27973 MISC |
pomerium -- pomerium | Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process | 2021-04-02 | 5.8 | CVE-2021-29652 CONFIRM |
pomerium -- pomerium | Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). | 2021-04-02 | 5.8 | CVE-2021-29651 CONFIRM |
redmine -- redmine | Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. | 2021-04-06 | 5 | CVE-2020-36308 MISC |
redmine -- redmine | Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. | 2021-04-06 | 5 | CVE-2019-25026 MISC |
redmine -- redmine | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. | 2021-04-06 | 5 | CVE-2021-30163 MISC |
redmine -- redmine | Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. | 2021-04-06 | 4.3 | CVE-2020-36307 MISC |
redmine -- redmine | Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. | 2021-04-06 | 4.3 | CVE-2020-36306 MISC |
rstudio -- shiny_server | Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. | 2021-04-02 | 5 | CVE-2021-3374 MISC MISC |
sannce -- smart_hd_wifi_security_camera_ean_2_950004_595317_firmware | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating. | 2021-04-02 | 5 | CVE-2019-20464 MISC |
sannce -- smart_hd_wifi_security_camera_ean_2_950004_595317_firmware | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality. | 2021-04-02 | 5 | CVE-2019-20465 MISC |
serenityos -- serenity | SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file. | 2021-04-06 | 6.8 | CVE-2021-28874 MISC MISC MISC |
serenityos -- serenity | SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_sequence() function. The attack vector is: Parsing RSA Key ASN.1. | 2021-04-06 | 5 | CVE-2021-27343 MISC MISC MISC |
softing -- opc_toolbox | A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | 2021-04-02 | 6.8 | CVE-2021-29660 MISC |
svelte -- svelte | The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration. | 2021-04-05 | 6.8 | CVE-2021-29261 MISC MISC MISC MISC MISC |
sygnoos -- popup_builder | The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. | 2021-04-05 | 4.3 | CVE-2021-24152 CONFIRM |
themeum -- tutor_lms | The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. | 2021-04-05 | 4 | CVE-2021-24181 CONFIRM MISC |
themeum -- tutor_lms | The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. | 2021-04-05 | 4 | CVE-2021-24182 CONFIRM MISC |
themeum -- tutor_lms | The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. | 2021-04-05 | 4 | CVE-2021-24183 CONFIRM MISC |
themeum -- tutor_lms | The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. | 2021-04-05 | 4 | CVE-2021-24185 CONFIRM MISC |
themeum -- tutor_lms | The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. | 2021-04-05 | 4 | CVE-2021-24186 CONFIRM MISC |
themeum -- tutor_lms | Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions. | 2021-04-05 | 6.5 | CVE-2021-24184 CONFIRM MISC |
unionpayintl -- union_pay | Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | 2021-04-06 | 5 | CVE-2020-23533 MISC MISC MISC |
unionpayintl -- union_pay | Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | 2021-04-06 | 5 | CVE-2020-36284 MISC MISC MISC |
unionpayintl -- union_pay | Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | 2021-04-06 | 5 | CVE-2020-36285 MISC MISC MISC |
vim_project -- vim | VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. | 2021-04-05 | 6.8 | CVE-2021-28832 MISC MISC MISC |
vm_backups_project -- vm_backups | The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue. | 2021-04-05 | 4.3 | CVE-2021-24173 CONFIRM |
vm_backups_project -- vm_backups | The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current . | 2021-04-05 | 4.3 | CVE-2021-24172 CONFIRM |
w1.fi -- hostapd | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | 2021-04-02 | 5 | CVE-2021-30004 MISC |
web-stat -- web-stat | When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account. | 2021-04-05 | 5 | CVE-2021-24167 CONFIRM |
wire -- wire-webapp | wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0. | 2021-04-02 | 4.3 | CVE-2021-21400 MISC MISC MISC CONFIRM |
wso2 -- api_manager | WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. | 2021-04-05 | 4.3 | CVE-2020-17453 MISC MISC MISC |
wuzhicms -- wuzhicms | Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter. | 2021-04-02 | 4 | CVE-2020-21590 MISC MISC |
yomi-search_project -- yomi-search | Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-04-07 | 4.3 | CVE-2021-20691 MISC |
yomi-search_project -- yomi-search | Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-04-07 | 4.3 | CVE-2021-20690 MISC |
yomi-search_project -- yomi-search | Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-04-07 | 4.3 | CVE-2021-20689 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- ipados | A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | 2021-04-02 | 2.1 | CVE-2021-1769 MISC MISC MISC MISC |
apple -- ipados | A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information. | 2021-04-02 | 2.1 | CVE-2021-1756 MISC |
apple -- ipados | "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. | 2021-04-02 | 2.1 | CVE-2020-29623 FEDORA FEDORA MISC MISC MISC |
apple -- ipados | This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state. | 2021-04-02 | 2.7 | CVE-2020-9978 MISC MISC MISC MISC MISC |
apple -- mac_os_x | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences. | 2021-04-02 | 2.1 | CVE-2020-29621 MISC |
apple -- macos | A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. | 2021-04-02 | 2.1 | CVE-2021-1755 MISC |
clogica -- seo_redirection | The setting page of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin through 6.3 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute. | 2021-04-05 | 3.5 | CVE-2021-24187 CONFIRM |
cm-wp -- social_slider_widget | The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized | 2021-04-05 | 3.5 | CVE-2021-24196 MISC CONFIRM |
coreftp -- core_ftp | Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial or service (crash) via a long string in the Setup->Users->Username editbox. | 2021-04-02 | 2.1 | CVE-2020-21588 MISC MISC |
easy_contact_form_pro_project -- easy_contact_form_pro | The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator. | 2021-04-05 | 3.5 | CVE-2021-24168 CONFIRM |
elementor -- website_builder | In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. | 2021-04-05 | 3.5 | CVE-2021-24202 CONFIRM MISC |
elementor -- website_builder | In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. | 2021-04-05 | 3.5 | CVE-2021-24204 CONFIRM MISC |
elementor -- website_builder | In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. | 2021-04-05 | 3.5 | CVE-2021-24203 CONFIRM MISC |
elementor -- website_builder | In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. | 2021-04-05 | 3.5 | CVE-2021-24205 CONFIRM MISC |
elementor -- website_builder | In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. | 2021-04-05 | 3.5 | CVE-2021-24201 CONFIRM MISC |
elementor -- website_builder | In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. | 2021-04-05 | 3.5 | CVE-2021-24206 CONFIRM MISC |
eng -- knowage | Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage. | 2021-04-05 | 3.5 | CVE-2021-30056 MISC |
eng -- knowage | A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters. | 2021-04-05 | 3.5 | CVE-2021-30057 MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. | 2021-04-02 | 3.5 | CVE-2021-22196 CONFIRM MISC MISC |
ibm -- edge_application_manager | IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441. | 2021-04-05 | 3.5 | CVE-2020-4792 XF CONFIRM |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914 | 2021-04-05 | 3.5 | CVE-2020-4997 XF CONFIRM |
jh_404_logger_project -- jh_404_logger | The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. | 2021-04-05 | 3.5 | CVE-2021-24176 CONFIRM |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. | 2021-04-02 | 2.1 | CVE-2021-30002 MISC MISC MISC |
magnolia-cms -- magnolia_cms | Magnolia CMS From 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. | 2021-04-02 | 3.5 | CVE-2021-25893 MISC MISC MISC |
never5 -- related_posts | Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL. | 2021-04-05 | 3.5 | CVE-2021-24180 CONFIRM |
nokia -- g-120w-f_firmware | An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. | 2021-04-02 | 3.5 | CVE-2021-30003 MISC |
softing -- opc_toolbox | Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it. | 2021-04-02 | 3.5 | CVE-2021-29661 MISC |
testimonial_rotator_project -- testimonial_rotator | Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation | 2021-04-05 | 3.5 | CVE-2021-24156 MISC CONFIRM |
themeisle -- orbit_fox | Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration. | 2021-04-05 | 3.5 | CVE-2021-24158 CONFIRM MISC |
themeisle -- orbit_fox | Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious. | 2021-04-05 | 3.5 | CVE-2021-24157 CONFIRM MISC |
webdesi9 -- file_manager | In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response. | 2021-04-05 | 3.5 | CVE-2021-24177 MISC MISC CONFIRM |
wizconnected -- a60_colors_firmware | An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.) | 2021-04-02 | 3.3 | CVE-2020-11922 MISC |
wizconnected -- colors_a60_firmware | An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. | 2021-04-02 | 2.1 | CVE-2020-11924 MISC |
wizconnected -- wiz | An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. | 2021-04-02 | 2.1 | CVE-2020-11923 MISC |
yoast -- yoast_seo | A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found. | 2021-04-05 | 3.5 | CVE-2021-24153 MISC MISC CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
admin.php -- online_book_store | SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | 2021-04-09 | not yet calculated | CVE-2020-23763 MISC MISC |
apple -- macos | The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected. | 2021-04-06 | not yet calculated | CVE-2021-27899 CONFIRM |
apple -- multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | 2021-04-02 | not yet calculated | CVE-2021-1870 FEDORA FEDORA MISC MISC |
apple -- multiple_products | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. | 2021-04-02 | not yet calculated | CVE-2021-1801 FEDORA FEDORA MISC MISC MISC MISC |
apple -- multiple_products | A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. | 2021-04-02 | not yet calculated | CVE-2021-1799 FEDORA FEDORA MISC MISC MISC MISC MISC |
aprelium -- abyss_web_server | An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. A crafted HTTP request can lead to an out-of-bounds read that crashes the application. | 2021-04-08 | not yet calculated | CVE-2021-3328 MISC |
archive -- archive | Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archives. | 2021-04-07 | not yet calculated | CVE-2021-20692 MISC MISC |
asus -- bmc_firmware | The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28189 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | 2021-04-06 | not yet calculated | CVE-2021-28207 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28187 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28185 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. | 2021-04-06 | not yet calculated | CVE-2021-28204 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28183 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28198 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28181 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28179 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28178 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28177 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | 2021-04-06 | not yet calculated | CVE-2021-28206 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28200 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28201 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | 2021-04-06 | not yet calculated | CVE-2021-28208 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | 2021-04-06 | not yet calculated | CVE-2021-28209 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28202 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. | 2021-04-06 | not yet calculated | CVE-2021-28203 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | 2021-04-06 | not yet calculated | CVE-2021-28205 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28199 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28197 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28186 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28176 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28182 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28184 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28196 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28188 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28190 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28191 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28192 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28193 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28194 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28195 CONFIRM CONFIRM CONFIRM |
asus -- bmc_firmware | The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | 2021-04-06 | not yet calculated | CVE-2021-28180 CONFIRM CONFIRM CONFIRM |
asus -- gputweak_ii | AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl. | 2021-04-08 | not yet calculated | CVE-2021-28685 MISC MISC |
asus -- gputweak_ii | AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl. | 2021-04-08 | not yet calculated | CVE-2021-28686 MISC MISC |
atlassian -- jira_server_and_jira_data_center | The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. | 2021-04-09 | not yet calculated | CVE-2020-36287 MISC |
bixby -- bixby | Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user. | 2021-04-09 | not yet calculated | CVE-2021-25380 CONFIRM CONFIRM |
cern -- indico | CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. | 2021-04-07 | not yet calculated | CVE-2021-30185 MISC MISC |
cisco -- advanced_malware_protection | A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system. To exploit this vulnerability, the attacker would need valid credentials on the system. The vulnerability is due to insufficient validation of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on an affected system. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges. | 2021-04-08 | not yet calculated | CVE-2021-1386 CISCO |
cisco -- clam_antivirus
| A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | 2021-04-08 | not yet calculated | CVE-2021-1405 CISCO |
cisco -- clam_antivirus | A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition. | 2021-04-08 | not yet calculated | CVE-2021-1252 CISCO |
cisco -- clam_antivirus | A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.0 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | 2021-04-08 | not yet calculated | CVE-2021-1404 CISCO |
cisco -- ios_xr_software | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to an affected command. A successful exploit could allow the attacker to execute commands on the underlying Linux OS with root privileges. | 2021-04-08 | not yet calculated | CVE-2021-1485 CISCO |
cisco -- multiple_routers | Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | 2021-04-08 | not yet calculated | CVE-2021-1415 CISCO |
cisco -- multiple_routers | A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Cisco has not released software updates that address this vulnerability. | 2021-04-08 | not yet calculated | CVE-2021-1459 CISCO |
cisco -- multiple_routers | Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | 2021-04-08 | not yet calculated | CVE-2021-1414 CISCO |
cisco -- multiple_routers | Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | 2021-04-08 | not yet calculated | CVE-2021-1413 CISCO |
cisco -- sd-wan | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-04-08 | not yet calculated | CVE-2021-1137 CISCO |
cisco -- sd-wan_vmanage_software | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-04-08 | not yet calculated | CVE-2021-1479 CISCO |
cisco -- sd-wan_vmanage_software | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-04-08 | not yet calculated | CVE-2021-1480 CISCO |
cisco -- small_business_rv_series_routers | Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2021-04-08 | not yet calculated | CVE-2021-1308 CISCO |
cisco -- small_business_rv_series_routers | Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2021-04-08 | not yet calculated | CVE-2021-1251 CISCO |
cisco -- small_business_rv_series_routers | Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2021-04-08 | not yet calculated | CVE-2021-1309 CISCO |
cisco -- small_business_rv_series_routers | Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-04-08 | not yet calculated | CVE-2021-1473 CISCO |
cisco -- small_business_rv_series_routers | Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-04-08 | not yet calculated | CVE-2021-1472 CISCO |
cisco -- umbrella
| Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-04-08 | not yet calculated | CVE-2021-1475 CISCO |
cisco -- umbrella | Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-04-08 | not yet calculated | CVE-2021-1474 CISCO |
cisco -- unified_communications_manager | A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization. | 2021-04-08 | not yet calculated | CVE-2021-1399 CISCO |
cisco -- unified_communications_manager | Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | 2021-04-08 | not yet calculated | CVE-2021-1380 CISCO |
cisco -- unified_communications_manager | A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device. | 2021-04-08 | not yet calculated | CVE-2021-1362 CISCO |
cisco -- unified_intelligence_center_software | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2021-04-08 | not yet calculated | CVE-2021-1463 CISCO |
cisco -- univied_communications_manager | Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | 2021-04-08 | not yet calculated | CVE-2021-1409 CISCO |
cisco -- univied_communications_manager | Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | 2021-04-08 | not yet calculated | CVE-2021-1408 CISCO |
cisco -- univied_communications_manager | Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | 2021-04-08 | not yet calculated | CVE-2021-1407 CISCO |
cisco -- univied_communications_manager | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges. | 2021-04-08 | not yet calculated | CVE-2021-1406 CISCO |
cisco -- webex | A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. | 2021-04-08 | not yet calculated | CVE-2021-1420 CISCO |
cisco -- webex | A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they are both participants. A successful exploit could allow the attacker to modify the avatar of the targeted user. | 2021-04-08 | not yet calculated | CVE-2021-1467 CISCO |
citsmart-- citsmart | CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." | 2021-04-06 | not yet calculated | CVE-2021-28142 MISC |
cloud_controller -- cloud_controller | Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller. | 2021-04-08 | not yet calculated | CVE-2021-22115 MISC |
d-link -- dsl-320b-d1_devices | ** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-04-07 | not yet calculated | CVE-2021-26709 MISC FULLDISC MISC MISC |
directus -- directus | Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com). | 2021-04-07 | not yet calculated | CVE-2021-29641 MISC FULLDISC MISC MISC MISC |
discord -- recon_server | Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server resulting in serious issues. This flaw is patched in 0.0.2. | 2021-04-09 | not yet calculated | CVE-2021-21433 MISC MISC CONFIRM |
django -- django | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. | 2021-04-06 | not yet calculated | CVE-2021-28658 MISC MISC MLIST CONFIRM |
dma -- softlab_radius_manager | DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. | 2021-04-07 | not yet calculated | CVE-2021-30147 MISC MISC MISC |
dnsmasque -- dnsmasque | A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. | 2021-04-08 | not yet calculated | CVE-2021-3448 MISC |
dolby -- audio_x2 | The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. | 2021-04-08 | not yet calculated | CVE-2021-3146 MISC |
dream_report -- r20-1 | A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. | 2021-04-09 | not yet calculated | CVE-2020-13534 MISC |
dream_report -- r20-1 | A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. | 2021-04-09 | not yet calculated | CVE-2020-13532 MISC |
dream_report -- r20-1 | A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. | 2021-04-09 | not yet calculated | CVE-2020-13533 MISC |
eclipse -- mosquitto | In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur. | 2021-04-07 | not yet calculated | CVE-2021-28166 CONFIRM |
erlang -- erlang | A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions. | 2021-04-09 | not yet calculated | CVE-2021-29221 MISC MISC |
esri -- acrgis_online | A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI ArcGIS Online before 10.9 and Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab). | 2021-04-08 | not yet calculated | CVE-2021-3012 MISC |
exiv2 -- exiv2 | A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. | 2021-04-08 | not yet calculated | CVE-2021-3482 MISC |
ffmpeg -- ffmpeg | FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. | 2021-04-07 | not yet calculated | CVE-2021-30123 MISC MISC MISC |
forcepoint -- web_security_content_gateway | Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. | 2021-04-08 | not yet calculated | CVE-2020-6590 CONFIRM |
freebsd -- multiple_products | In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail. | 2021-04-07 | not yet calculated | CVE-2020-25584 MISC |
freebsd -- multiple_products | In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free. | 2021-04-07 | not yet calculated | CVE-2021-29627 MISC |
freebsd -- multiple_products | In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unpriivleged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. | 2021-04-07 | not yet calculated | CVE-2021-29626 MISC |
friendica -- friendica | ** DISPUTED ** Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users." | 2021-04-05 | not yet calculated | CVE-2021-30141 MISC MISC |
gnome -- gnome | fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. | 2021-04-07 | not yet calculated | CVE-2020-36314 MISC MISC |
gnu -- chess | GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. | 2021-04-07 | not yet calculated | CVE-2021-30184 MISC MISC |
google -- chrome | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-09 | not yet calculated | CVE-2021-21197 MISC MISC |
google -- chrome | Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-04-09 | not yet calculated | CVE-2021-21198 MISC MISC |
google -- chrome | Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-09 | not yet calculated | CVE-2021-21196 MISC MISC |
google -- chrome | Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-09 | not yet calculated | CVE-2021-21195 MISC MISC |
google -- chrome | Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-04-09 | not yet calculated | CVE-2021-21199 MISC MISC |
google -- chrome | Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-09 | not yet calculated | CVE-2021-21194 MISC MISC |
grav_admin_plugin -- grav_admin_plugin | Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround. | 2021-04-07 | not yet calculated | CVE-2021-21425 CONFIRM MISC |
huawei -- multiple_products | There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500. | 2021-04-08 | not yet calculated | CVE-2021-22312 MISC |
ibm -- webspehere_application_server | IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. | 2021-04-08 | not yet calculated | CVE-2021-20480 XF CONFIRM |
ikuaios -- build | iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. | 2021-04-06 | not yet calculated | CVE-2021-28075 MISC |
imb -- spectrum_scale | IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478. | 2021-04-09 | not yet calculated | CVE-2021-29671 XF CONFIRM |
jenkins -- multiple_products | A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds. | 2021-04-07 | not yet calculated | CVE-2021-21641 MLIST CONFIRM |
jenkins -- multiple_products | Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names. | 2021-04-07 | not yet calculated | CVE-2021-21640 MLIST CONFIRM |
jenkins -- multiple_products | Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type. | 2021-04-07 | not yet calculated | CVE-2021-21639 MLIST CONFIRM |
jsrsasign --jsrsasign | In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack. | 2021-04-07 | not yet calculated | CVE-2021-30246 MISC MISC MISC |
larsens -- calender | Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab. | 2021-04-09 | not yet calculated | CVE-2020-23762 MISC MISC |
learnsite -- learnsite | Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained. | 2021-04-08 | not yet calculated | CVE-2021-27522 MISC |
lg -- mobile_devices | An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021). | 2021-04-06 | not yet calculated | CVE-2021-30161 MISC |
lg -- mobile_devices | An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021). | 2021-04-06 | not yet calculated | CVE-2021-30162 MISC |
libertro -- retroarch | The text-to-speech engine in libretro RetroArch for Windows 0.11 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names. | 2021-04-07 | not yet calculated | CVE-2021-28927 MISC MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. | 2021-04-07 | not yet calculated | CVE-2020-36312 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52. | 2021-04-07 | not yet calculated | CVE-2020-36310 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. | 2021-04-07 | not yet calculated | CVE-2021-30178 MISC |
linux -- linux_kernel | The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. | 2021-04-06 | not yet calculated | CVE-2021-28688 MISC |
linux -- linux_kernel | BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. | 2021-04-08 | not yet calculated | CVE-2021-29154 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. | 2021-04-07 | not yet calculated | CVE-2020-36311 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c. | 2021-04-07 | not yet calculated | CVE-2020-36313 MISC MISC |
liquidfiles -- liquidfiles | LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. | 2021-04-06 | not yet calculated | CVE-2021-30140 MISC MISC MISC |
litespeed_technologies -- openlitespeed_web_server | Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. | 2021-04-07 | not yet calculated | CVE-2021-26758 MISC CONFIRM EXPLOIT-DB |
magazinerz -- magazinerz | Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-04-07 | not yet calculated | CVE-2021-20684 MISC |
manageengine -- servicedesk_plus | Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. | 2021-04-09 | not yet calculated | CVE-2021-20080 MISC |
mark_text -- mark_text | Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. | 2021-04-05 | not yet calculated | CVE-2021-29996 MISC |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for. | 2021-04-09 | not yet calculated | CVE-2021-30152 MISC DEBIAN |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master. | 2021-04-09 | not yet calculated | CVE-2021-30159 MISC DEBIAN |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists. | 2021-04-09 | not yet calculated | CVE-2021-30156 MISC |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page. | 2021-04-09 | not yet calculated | CVE-2021-30155 MISC DEBIAN |
micro_focus -- application_automation_tools_plugin | Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks. | 2021-04-08 | not yet calculated | CVE-2021-22513 MISC |
micro_focus -- application_automation_tools_plugin | Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks. | 2021-04-08 | not yet calculated | CVE-2021-22512 MISC |
micro_focus -- application_automation_tools_plugin | Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditionally disabling of SSL/TLS certificates. | 2021-04-08 | not yet calculated | CVE-2021-22511 MISC |
micro_focus -- application_automation_tools_plugin | Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects all version 6.7 and earlier versions. | 2021-04-08 | not yet calculated | CVE-2021-22510 MISC |
micro_focus -- operations_bridge_manager | Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authentication and get unauthorized access. | 2021-04-08 | not yet calculated | CVE-2021-22507 MISC |
mitake -- mitake | Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction record, and fraudulent trading without login. | 2021-04-08 | not yet calculated | CVE-2021-28174 MISC |
mongodb-- compass | A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows. | 2021-04-06 | not yet calculated | CVE-2021-20334 MISC |
mozilla -- firefox
| The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package. | 2021-04-07 | not yet calculated | CVE-2013-1055 UBUNTU UBUNTU |
mozilla -- firefox | The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely. | 2021-04-07 | not yet calculated | CVE-2013-1054 UBUNTU UBUNTU |
nagios -- network_analyzer | SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/. | 2021-04-08 | not yet calculated | CVE-2021-28925 MISC MISC |
nagios -- network_analyzer | Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page. | 2021-04-08 | not yet calculated | CVE-2021-28924 MISC MISC |
openresty -- openresty | ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. | 2021-04-06 | not yet calculated | CVE-2020-36309 MISC MISC MISC |
perl -- perl | The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | 2021-04-06 | not yet calculated | CVE-2021-29424 MISC FEDORA FEDORA FEDORA MISC |
php-nuke -- php-nuke | There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE. | 2021-04-07 | not yet calculated | CVE-2021-30177 MISC |
phpseclib -- phpseclib | phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. | 2021-04-06 | not yet calculated | CVE-2021-30130 MISC CONFIRM CONFIRM |
projen -- projen | `projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typed definition written in JavaScript. Users of projen's `NodeProject` project type (including any project type derived from it) include a `.github/workflows/rebuild-bot.yml` workflow that may allow any GitHub user to trigger execution of un-trusted code in the context of the "main" repository (as opposed to that of a fork). In some situations, such untrusted code may potentially be able to commit to the "main" repository. The rebuild-bot workflow is triggered by comments including `@projen rebuild` on pull-request to trigger a re-build of the projen project, and updating the pull request with the updated files. This workflow is triggered by an `issue_comment` event, and thus always executes with a `GITHUB_TOKEN` belonging to the repository into which the pull-request is made (this is in contrast with workflows triggered by `pull_request` events, which always execute with a `GITHUB_TOKEN` belonging to the repository from which the pull-request is made). Repositories that do not have branch protection configured on their default branch (typically `main` or `master`) could possibly allow an untrusted user to gain access to secrets configured on the repository (such as NPM tokens, etc). Branch protection prohibits this escalation, as the managed `GITHUB_TOKEN` would not be able to modify the contents of a protected branch and affected workflows must be defined on the default branch. | 2021-04-06 | not yet calculated | CVE-2021-21423 MISC CONFIRM MISC |
proofpoint -- insider_threat_management_server | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected. | 2021-04-06 | not yet calculated | CVE-2021-22158 CONFIRM |
proofpoint -- insider_threat_management_server | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected. | 2021-04-06 | not yet calculated | CVE-2021-27900 CONFIRM |
proofpoint -- insider_threat_management_server | Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS. | 2021-04-06 | not yet calculated | CVE-2021-22157 CONFIRM |
qualcomm -- multiple_snapdragon_products | Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2021-04-07 | not yet calculated | CVE-2020-11237 CONFIRM |
qualcomm -- multiple_snapdragon_products | Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables | 2021-04-07 | not yet calculated | CVE-2020-11255 CONFIRM |
qualcomm -- multiple_snapdragon_products | Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2021-04-07 | not yet calculated | CVE-2020-11245 CONFIRM |
qualcomm -- multiple_snapdragon_products | Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-04-07 | not yet calculated | CVE-2020-11247 CONFIRM |
qualcomm -- multiple_snapdragon_products | Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-04-07 | not yet calculated | CVE-2020-11231 CONFIRM |
qualcomm -- multiple_snapdragon_products | Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking | 2021-04-07 | not yet calculated | CVE-2021-1892 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2021-04-07 | not yet calculated | CVE-2020-11210 CONFIRM |
qualcomm -- multiple_snapdragon_products | User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile | 2021-04-07 | not yet calculated | CVE-2020-11242 CONFIRM |
qualcomm -- multiple_snapdragon_products | RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2021-04-07 | not yet calculated | CVE-2020-11243 CONFIRM |
qualcomm -- multiple_snapdragon_products | Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2021-04-07 | not yet calculated | CVE-2020-11236 CONFIRM |
qualcomm -- multiple_snapdragon_products | Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-04-07 | not yet calculated | CVE-2020-11252 CONFIRM |
qualcomm -- multiple_snapdragon_products | Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-04-07 | not yet calculated | CVE-2020-11251 CONFIRM |
qualcomm -- multiple_snapdragon_products | When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-04-07 | not yet calculated | CVE-2020-11234 CONFIRM |
qualcomm -- multiple_snapdragon_products | A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-04-07 | not yet calculated | CVE-2020-11246 CONFIRM |
qualcomm -- multiple_snapdragon_products | Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-04-07 | not yet calculated | CVE-2020-11191 CONFIRM |
ranker -- ranker | Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-04-07 | not yet calculated | CVE-2021-20688 MISC |
realtek -- rtl8723de_ble_stack | An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message. | 2021-04-08 | not yet calculated | CVE-2020-23539 MISC |
red_hat -- red-Hat | A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-04-08 | not yet calculated | CVE-2021-3413 MISC |
relic -- relic | In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number. | 2021-04-07 | not yet calculated | CVE-2020-36315 MISC MISC MISC MISC |
relic -- relic | In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present. | 2021-04-07 | not yet calculated | CVE-2020-36316 MISC MISC MISC MISC |
rukovoditel -- project_management_app | An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | 2021-04-09 | not yet calculated | CVE-2020-13592 MISC |
rukovoditel -- project_management_app | An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | 2021-04-09 | not yet calculated | CVE-2020-13587 MISC |
rukovoditel -- project_management_app | An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | 2021-04-09 | not yet calculated | CVE-2020-13591 MISC |
rust -- id-map | An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl. | 2021-04-07 | not yet calculated | CVE-2021-30457 MISC |
rust -- id-map | An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function. | 2021-04-07 | not yet calculated | CVE-2021-30456 MISC |
rust -- id-map | An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic. | 2021-04-07 | not yet calculated | CVE-2021-30455 MISC |
rust -- outer_cgi | An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. A user-provided Read instance receives an uninitialized memory buffer from KeyValueReader. | 2021-04-07 | not yet calculated | CVE-2021-30454 MISC |
samsung -- mobile | An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files. | 2021-04-09 | not yet calculated | CVE-2021-25362 CONFIRM CONFIRM |
samsung -- mobile
| An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files. | 2021-04-09 | not yet calculated | CVE-2021-25363 CONFIRM CONFIRM |
samsung -- mobile
| Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment. | 2021-04-09 | not yet calculated | CVE-2021-25375 CONFIRM CONFIRM |
samsung -- mobile
| An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account. | 2021-04-09 | not yet calculated | CVE-2021-25374 CONFIRM CONFIRM |
samsung -- mobile
| Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. | 2021-04-09 | not yet calculated | CVE-2021-25379 CONFIRM CONFIRM |
samsung -- mobile
| An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications. | 2021-04-09 | not yet calculated | CVE-2021-25361 CONFIRM CONFIRM |
samsung -- mobile
| A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information. | 2021-04-09 | not yet calculated | CVE-2021-25357 CONFIRM CONFIRM |
samsung -- mobile
| An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application. | 2021-04-09 | not yet calculated | CVE-2021-25356 CONFIRM CONFIRM |
samsung -- mobile | An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed. | 2021-04-09 | not yet calculated | CVE-2021-25376 CONFIRM CONFIRM |
samsung -- mobile | Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | 2021-04-09 | not yet calculated | CVE-2021-25373 CONFIRM CONFIRM |
samsung -- mobile | Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action. | 2021-04-09 | not yet calculated | CVE-2021-25377 CONFIRM CONFIRM |
samsung -- mobile | Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. | 2021-04-09 | not yet calculated | CVE-2021-25378 CONFIRM CONFIRM |
samsung -- mobile | A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. | 2021-04-09 | not yet calculated | CVE-2021-25364 CONFIRM CONFIRM |
samsung -- mobile | An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd. | 2021-04-09 | not yet calculated | CVE-2021-25365 CONFIRM CONFIRM |
samsung -- mobile | Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | 2021-04-09 | not yet calculated | CVE-2021-25381 CONFIRM CONFIRM |
samsung -- mobile | An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-04-09 | not yet calculated | CVE-2021-25360 CONFIRM CONFIRM |
samsung -- mobile | An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications. | 2021-04-09 | not yet calculated | CVE-2021-25359 CONFIRM CONFIRM |
samsung -- mobile | A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications. | 2021-04-09 | not yet calculated | CVE-2021-25358 CONFIRM CONFIRM |
seafile -- seafile | Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." | 2021-04-06 | not yet calculated | CVE-2021-30146 MISC |
serentiyos -- serenityos | SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. | 2021-04-06 | not yet calculated | CVE-2021-30045 MISC MISC MISC |
skyworth_digital_technology -- rn510 | Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/test_version.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed. | 2021-04-09 | not yet calculated | CVE-2021-25326 MISC |
skyworth_digital_technology -- rn510 | Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service (DoS) or possible code execution on the device. | 2021-04-09 | not yet calculated | CVE-2021-25328 MISC |
skyworth_digital_technology -- rn510 | Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS). | 2021-04-09 | not yet calculated | CVE-2021-25327 MISC |
sonicwall -- email_security | A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | 2021-04-09 | not yet calculated | CVE-2021-20021 CONFIRM |
sonicwall -- email_security | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. | 2021-04-09 | not yet calculated | CVE-2021-20022 CONFIRM |
sonicwall -- gms | A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. | 2021-04-10 | not yet calculated | CVE-2021-20020 CONFIRM |
sopel-channelmgnt -- sopel-channelmgnt | sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have no POC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1. | 2021-04-09 | not yet calculated | CVE-2021-21431 MISC CONFIRM MISC |
squirro -- insights_engine | The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content. The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes. | 2021-04-08 | not yet calculated | CVE-2021-27945 CONFIRM |
subrion -- cms_version | Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab. | 2021-04-09 | not yet calculated | CVE-2020-23761 MISC MISC |
syncthing -- syncthing | Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0. | 2021-04-06 | not yet calculated | CVE-2021-21404 MISC MISC CONFIRM MISC |
teradici -- pcoip_connection_manager_and_security_gateway | Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3. | 2021-04-06 | not yet calculated | CVE-2021-25692 MISC |
timelybills -- timelybills | Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted. | 2021-04-06 | not yet calculated | CVE-2021-26833 MISC |
umoci -- umoci | Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. | 2021-04-06 | not yet calculated | CVE-2021-29136 MISC CONFIRM CONFIRM |
unibox -- u-50_and_enterprise_series | Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device. | 2021-04-09 | not yet calculated | CVE-2020-21884 MISC MISC MISC |
unibox -- u-50_and_enterprise_series | Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover. | 2021-04-09 | not yet calculated | CVE-2020-21883 MISC MISC MISC |
valve_stream -- valve_stream | Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. | 2021-04-10 | not yet calculated | CVE-2021-30481 MISC MISC MISC MISC |
vela -- vela | Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc` file. Refer to the referenced GitHub Security Advisory for complete details. This is fixed in version 0.7.5. | 2021-04-09 | not yet calculated | CVE-2021-21432 MISC MISC MISC CONFIRM MISC |
vestacp -- vestacp | VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely. | 2021-04-08 | not yet calculated | CVE-2021-30463 MISC |
vestacp -- vestacp | VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts. | 2021-04-08 | not yet calculated | CVE-2021-30462 MISC |
vigra -- computer_vision_library | VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service. | 2021-04-06 | not yet calculated | CVE-2021-30046 MISC |
wcms -- wcms | Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. | 2021-04-07 | not yet calculated | CVE-2020-24138 MISC |
wcms -- wcms | Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services. | 2021-04-07 | not yet calculated | CVE-2020-24139 MISC |
wcms -- wcms | Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php. | 2021-04-07 | not yet calculated | CVE-2020-24137 MISC |
wcms -- wcms | Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php. | 2021-04-07 | not yet calculated | CVE-2020-24136 MISC |
wcms -- wcms | Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services. | 2021-04-07 | not yet calculated | CVE-2020-24140 MISC |
wcms -- wcms | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php. | 2021-04-07 | not yet calculated | CVE-2020-24135 MISC |
web-school_erp -- web_school_erp | A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website. | 2021-04-08 | not yet calculated | CVE-2021-30113 MISC MISC MISC |
web-school_erp -- web_school_erp | Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege. | 2021-04-08 | not yet calculated | CVE-2021-30112 MISC MISC MISC |
web-school_erp -- web_school_erp | A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed. | 2021-04-08 | not yet calculated | CVE-2021-30111 MISC MISC MISC |
web-school_erp -- web_school_erp | Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege. | 2021-04-08 | not yet calculated | CVE-2021-30114 MISC MISC MISC |
whatsapp -- whatsapp | A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material. | 2021-04-06 | not yet calculated | CVE-2021-24027 CONFIRM |
whatsapp -- whatsapp | A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write. | 2021-04-06 | not yet calculated | CVE-2021-24026 CONFIRM |
wikimedia -- parsoid | An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS. | 2021-04-09 | not yet calculated | CVE-2021-30458 MISC MISC |
wordpress -- wordpress | The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action. | 2021-04-05 | not yet calculated | CVE-2021-24208 CONFIRM MISC |
wordpress -- wordpress | By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages. | 2021-04-05 | not yet calculated | CVE-2021-24207 CONFIRM MISC |
wordpress -- wordpress | The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser. | 2021-04-05 | not yet calculated | CVE-2021-24211 CONFIRM |
wordpress -- wordpress | The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp. | 2021-04-05 | not yet calculated | CVE-2021-24212 MISC CONFIRM |
wordpress -- wordpress | The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd | 2021-04-05 | not yet calculated | CVE-2021-24154 CONFIRM |
wordpress -- wordpress | There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only go to whitelisted pages but it's possible to redirect the victim to any domain. | 2021-04-05 | not yet calculated | CVE-2021-24210 MISC CONFIRM |
wordpress -- wordpress | The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter. | 2021-04-05 | not yet calculated | CVE-2021-24171 CONFIRM MISC |
wordpress -- wordpress | Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript. | 2021-04-05 | not yet calculated | CVE-2021-24159 CONFIRM MISC |
wordpress -- wordpress | The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. | 2021-04-05 | not yet calculated | CVE-2021-24209 MISC MISC CONFIRM |
wordpress -- wordpress | The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. | 2021-04-05 | not yet calculated | CVE-2021-24155 CONFIRM |
wordpress -- wordpress | The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF). | 2021-04-05 | not yet calculated | CVE-2021-24150 CONFIRM |
xiaomi -- ax1800_routers | On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | 2021-04-08 | not yet calculated | CVE-2020-14099 MISC |
xiaomi -- ax3600_routers | A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. | 2021-04-08 | not yet calculated | CVE-2020-14104 MISC |
xiaomi -- mobile_phones | The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26. | 2021-04-08 | not yet calculated | CVE-2020-14106 MISC |
xiaomi -- mobile_phones | The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | 2021-04-08 | not yet calculated | CVE-2020-14103 MISC |
zoom -- zoom | Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software. | 2021-04-09 | not yet calculated | CVE-2021-30480 MISC MISC MISC MISC MISC MISC |
zte -- zxa10_c300m | A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8. | 2021-04-09 | not yet calculated | CVE-2021-21728 MISC |
zzcms -- zzcms | zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. | 2021-04-08 | not yet calculated | CVE-2020-23426 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.