Vulnerability Summary for the Week of June 7, 2021

Released
Jun 14, 2021
Document ID
SB21-165

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
aomedia -- aomediaaom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.2021-06-047.5CVE-2021-30475
MISC
MISC
broadcom -- sannavWebtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).2021-06-097.5CVE-2020-15377
MISC
chiyu-tech -- bf-430_firmwareAn authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.2021-06-047.5CVE-2021-31251
CONFIRM
MISC
MISC
linux -- linux_kernelThe eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).2021-06-047.2CVE-2021-3489
MISC
UBUNTU
UBUNTU
MISC
MLIST
linux -- linux_kernelThe eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).2021-06-047.2CVE-2021-3490
UBUNTU
MISC
MISC
UBUNTU
MLIST
linux -- linux_kernelThe io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).2021-06-047.2CVE-2021-3491
UBUNTU
UBUNTU
MISC
MISC
MLIST
microsoft -- intune_management_extensionMicrosoft Intune Management Extension Remote Code Execution Vulnerability2021-06-087.5CVE-2021-31980
MISC
microsoft -- windows_10Server for NFS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-31976.2021-06-087.8CVE-2021-31975
MISC
microsoft -- windows_10Server for NFS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-31975.2021-06-087.8CVE-2021-31976
MISC
microsoft -- windows_10Kerberos AppContainer Security Feature Bypass Vulnerability2021-06-087.5CVE-2021-31962
MISC
qualcomm -- apq8009_firmwareOut of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-06-097.8CVE-2020-11241
CONFIRM

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
accela -- civic_platformIn Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS.2021-06-074.3CVE-2021-33904
MISC
MISC
adiscon -- loganalyzerAdiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.2021-06-084.3CVE-2021-31738
MISC
bloofox -- bloofoxcmsBloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter.2021-06-044CVE-2020-36142
MISC
bloofox -- bloofoxcmsBloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.2021-06-046.5CVE-2020-36141
MISC
bloofox -- bloofoxcmsBloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).2021-06-044.3CVE-2020-36140
MISC
broadcom -- sannavBrocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.2021-06-095CVE-2020-15384
MISC
broadcom -- sannavBrocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.2021-06-095CVE-2020-15380
MISC
broadcom -- sannavThe OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.2021-06-095CVE-2020-15378
MISC
broadcom -- sannavBrocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission.2021-06-095.5CVE-2020-15385
MISC
chiyu-tech -- bf-430_firmwareAn open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.2021-06-045.8CVE-2021-31252
CONFIRM
MISC
MISC
chiyu-tech -- bf-430_firmwareA CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.2021-06-046.4CVE-2021-31249
MISC
MISC
MISC
cisco -- webex_meetings_desktopA vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account.2021-06-046.9CVE-2021-1536
CISCO
ckeditor -- ckeditorA cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.2021-06-094.3CVE-2021-33829
MISC
cloverdx -- cloverdxA cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10.2021-06-094.3CVE-2021-30133
CONFIRM
MISC
dino -- dinoDino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.2021-06-075CVE-2021-33896
CONFIRM
MISC
MLIST
dlink -- dir-868l_firmwareThe D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.2021-06-045CVE-2020-29321
MISC
dlink -- dir-880l_firmwareThe D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.2021-06-045CVE-2020-29322
MISC
dlink -- dir-885l-mfc_firmwareThe D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.2021-06-045CVE-2020-29323
MISC
dlink -- dir-895l_mfc_firmwareThe DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.2021-06-045CVE-2020-29324
MISC
entrouvert -- lassoLasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.2021-06-045CVE-2021-28091
MISC
MISC
MISC
DEBIAN
MLIST
FEDORA
FEDORA
esri -- arcgis_serverA SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (file Geodatabase or Shape Files or tile cached services) are unaffected by this issue.2021-06-075CVE-2021-29099
CONFIRM
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.2021-06-084.3CVE-2021-22220
CONFIRM
MISC
MISC
google -- chromeType confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-06-046.8CVE-2021-30517
MISC
MISC
google -- chromeInsufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.2021-06-074.3CVE-2021-30533
MISC
MISC
google -- chromeInsufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.2021-06-074.3CVE-2021-30532
MISC
MISC
google -- chromeInsufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.2021-06-074.3CVE-2021-30531
MISC
MISC
google -- chromeUse after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.2021-06-046.8CVE-2021-30514
MISC
MISC
google -- chromeType confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-06-046.8CVE-2021-30513
MISC
MISC
google -- chromeOut of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.2021-06-045.8CVE-2021-30511
MISC
MISC
google -- chromeUse after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.2021-06-046.8CVE-2021-30512
MISC
MISC
google -- chromeInsufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.2021-06-074.3CVE-2021-30537
MISC
MISC
google -- chromeOut of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.2021-06-075.8CVE-2021-30536
MISC
MISC
google -- chromeInsufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.2021-06-075.8CVE-2021-30539
MISC
MISC
google -- chromeUse after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-06-046.8CVE-2021-30510
MISC
MISC
google -- chromeOut of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension.2021-06-046.8CVE-2021-30509
MISC
MISC
google -- chromeHeap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.2021-06-046.8CVE-2021-30508
MISC
MISC
google -- chromeInappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.2021-06-046.8CVE-2021-30507
MISC
MISC
google -- chromeIncorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.2021-06-046.8CVE-2021-30506
MISC
MISC
google -- chromeInsufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.2021-06-074.3CVE-2021-30534
MISC
MISC
google -- chromeInsufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.2021-06-074.3CVE-2021-30538
MISC
MISC
google -- chromeHeap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-06-046.8CVE-2021-30518
MISC
MISC
google -- chromeUse after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.2021-06-076.8CVE-2021-30527
MISC
MISC
google -- chromeUse after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page.2021-06-046.8CVE-2021-30519
MISC
MISC
google -- chromeUse after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.2021-06-046.8CVE-2021-30520
MISC
MISC
google -- chromeHeap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.2021-06-076.8CVE-2021-30521
MISC
MISC
google -- chromeUse after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-06-076.8CVE-2021-30522
MISC
MISC
MISC
google -- chromeUse after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.2021-06-076.8CVE-2021-30523
MISC
MISC
google -- chromeUse after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.2021-06-076.8CVE-2021-30524
MISC
MISC
google -- chromeUse after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.2021-06-076.8CVE-2021-30525
MISC
MISC
google -- chromeOut of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.2021-06-076.8CVE-2021-30526
MISC
MISC
google -- chromeUse after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.2021-06-076.8CVE-2021-30528
MISC
MISC
google -- chromeUse after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-06-046.8CVE-2021-30515
MISC
MISC
google -- chromeUse after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.2021-06-076.8CVE-2021-30529
MISC
MISC
google -- chromeDouble free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-06-076.8CVE-2021-30535
MISC
MISC
google -- chromeUse after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.2021-06-076.8CVE-2021-30542
MISC
MISC
google -- chromeUse after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.2021-06-076.8CVE-2021-30543
MISC
MISC
google -- chromeIncorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.2021-06-074.3CVE-2021-30540
MISC
MISC
google -- chromeHeap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.2021-06-046.8CVE-2021-30516
MISC
MISC
google -- chromeOut of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.2021-06-076.8CVE-2021-30530
MISC
MISC
ibm -- datapower_gatewayIBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033.2021-06-075CVE-2020-5008
CONFIRM
XF
ibm -- websphere_application_server_ndIBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435.2021-06-076.5CVE-2021-20517
CONFIRM
XF
inverse -- sogoSOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)2021-06-045CVE-2021-33054
MISC
MISC
MISC
jnews -- jnewsThe JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.2021-06-074.3CVE-2021-24342
CONFIRM
luca-app -- lucaLuca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because requests related to Check-In State occur shortly after requests for Phone Number Registration.2021-06-045CVE-2021-33838
MISC
MISC
MISC
MISC
luca-app -- lucaThe server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature.2021-06-045CVE-2021-33840
MISC
MISC
luca-app -- lucaLuca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting.2021-06-045CVE-2021-33839
MISC
MISC
MISC
MISC
microsoft -- 365_appsMicrosoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31940.2021-06-086.8CVE-2021-31941
MISC
MISC
microsoft -- 365_appsMicrosoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31941.2021-06-086.8CVE-2021-31940
MISC
microsoft -- 3d_viewer3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31942.2021-06-086.8CVE-2021-31943
MISC
microsoft -- 3d_viewer3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31943.2021-06-086.8CVE-2021-31942
MISC
microsoft -- 3d_viewer3D Viewer Information Disclosure Vulnerability2021-06-084.3CVE-2021-31944
MISC
microsoft -- edgeMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability2021-06-085.1CVE-2021-33741
MISC
microsoft -- kubernetes_toolsMicrosoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability2021-06-086.8CVE-2021-31938
MISC
microsoft -- malware_protection_engineMicrosoft Defender Remote Code Execution Vulnerability2021-06-086.8CVE-2021-31985
MISC
microsoft -- paint_3dPaint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31983.2021-06-086.8CVE-2021-31946
MISC
MISC
microsoft -- paint_3dPaint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31946, CVE-2021-31983.2021-06-086.8CVE-2021-31945
MISC
MISC
microsoft -- sharepoint_enterprise_serverMicrosoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31963, CVE-2021-31966.2021-06-086.5CVE-2021-26420
MISC
microsoft -- vp9_video_extensionsVP9 Video Extensions Remote Code Execution Vulnerability2021-06-086.8CVE-2021-31967
MISC
microsoft -- windows_10Windows Remote Desktop Services Denial of Service Vulnerability2021-06-085CVE-2021-31968
MISC
microsoft -- windows_10Server for NFS Denial of Service Vulnerability2021-06-085CVE-2021-31974
MISC
microsoft -- windows_10Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability2021-06-084.6CVE-2021-31969
MISC
microsoft -- windows_10Windows GPSVC Elevation of Privilege Vulnerability2021-06-084.6CVE-2021-31973
MISC
microsoft -- windows_10Windows HTML Platform Security Feature Bypass Vulnerability2021-06-086.8CVE-2021-31971
MISC
microsoft -- windows_server_2008Windows DCOM Server Security Feature Bypass2021-06-084.3CVE-2021-26414
MISC
microsoft -- windows_server_2008Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31199.2021-06-084.6CVE-2021-31201
MISC
microsoft -- windows_server_2008Windows Print Spooler Elevation of Privilege Vulnerability2021-06-086.8CVE-2021-1675
MISC
openexr -- openexrAn integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.2021-06-084.3CVE-2021-23215
FEDORA
MISC
openexr -- openexrAn integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.2021-06-084.3CVE-2021-26260
FEDORA
MISC
openexr -- openexrAn integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.2021-06-084.3CVE-2021-26945
MISC
openexr -- openexrA heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.2021-06-086.8CVE-2021-23169
FEDORA
MISC
FEDORA
openvpn -- openvpn_access_serverOpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.2021-06-045CVE-2020-36382
MISC
MISC
pagelayer -- pagelayerPageLayer before 1.3.5 allows reflected XSS via the font-size parameter.2021-06-074.3CVE-2020-36383
MISC
pagelayer -- pagelayerPageLayer before 1.3.5 allows reflected XSS via color settings.2021-06-074.3CVE-2020-36384
MISC
qualcomm -- apq8009_firmwareTime-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-06-096.9CVE-2020-11233
CONFIRM
qualcomm -- apq8009w_firmwareUse after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2021-06-096.9CVE-2020-11250
CONFIRM
qualcomm -- apq8096au_firmwareResource leakage issue during dci client registration due to reference count is not decremented if dci client registration fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-06-094.6CVE-2020-11160
CONFIRM
refined-github_project -- refined-githubThe Refined GitHub browser extension before 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns.2021-06-094.3CVE-2021-34364
MISC
MISC
sap -- 3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.2021-06-094.3CVE-2021-33661
MISC
MISC
sap -- 3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FLI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.2021-06-094.3CVE-2021-33660
MISC
MISC
sap -- 3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.2021-06-094.3CVE-2021-33659
MISC
MISC
sap -- 3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.2021-06-094.3CVE-2021-27641
MISC
MISC
sap -- 3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.2021-06-094.3CVE-2021-27638
MISC
MISC
sap -- 3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.2021-06-094.3CVE-2021-27639
MISC
MISC
sap -- 3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.2021-06-094.3CVE-2021-27640
MISC
MISC
sap -- 3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.2021-06-094.3CVE-2021-27642
MISC
MISC
sap -- 3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.2021-06-094.3CVE-2021-27643
MISC
MISC
simple-log_project -- simple-logCross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member".2021-06-076.8CVE-2020-18265
MISC
simple-log_project -- simple-logCross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member".2021-06-076.8CVE-2020-18264
MISC
tracefinanacial -- crestbridgeTrace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.2021-06-106.5CVE-2020-24667
MISC
MISC
tracefinanacial -- crestbridgeTrace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.2021-06-106.5CVE-2020-24671
MISC
MISC
wireshark -- wiresharkInfinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file2021-06-075CVE-2021-22222
CONFIRM
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
bloofox -- bloofoxcmsBloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.2021-06-043.5CVE-2020-36139
MISC
chiyu-tech -- bf-430_firmwareMultiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.2021-06-043.5CVE-2021-31250
MISC
MISC
MISC
iflychat -- iflychatThe iFlyChat - WordPress Chat plugin through 4.6.4 does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue2021-06-073.5CVE-2021-24343
CONFIRM
microsoft -- malware_protection_engineMicrosoft Defender Denial of Service Vulnerability2021-06-082.1CVE-2021-31978
MISC
microsoft -- windows_10Windows Kernel Information Disclosure Vulnerability2021-06-082.1CVE-2021-31955
MISC
microsoft -- windows_10Windows Bind Filter Driver Information Disclosure Vulnerability2021-06-082.1CVE-2021-31960
MISC
microsoft -- windows_10Windows TCP/IP Driver Security Feature Bypass Vulnerability2021-06-082.1CVE-2021-31970
MISC
microsoft -- windows_10Event Tracing for Windows Information Disclosure Vulnerability2021-06-082.1CVE-2021-31972
MISC
openvpn -- openvpn_access_serverOpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.2021-06-043.5CVE-2020-15077
MISC
MISC
tracefinanacial -- crestbridgeTrace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03.2021-06-103.5CVE-2020-24663
MISC
MISC
tracefinancial -- crestbridgeTrace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03.2021-06-103.5CVE-2020-24668
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
edk2 -- edk2A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.2021-06-11not yet calculatedCVE-2021-28211
MISC
2sic -- 2sxc
 
An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim's browser.2021-06-07not yet calculatedCVE-2020-26885
MISC
MISC
CONFIRM
MISC
N/A -- N/A
 
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability2021-06-08not yet calculatedCVE-2021-31952
MISC
accela -- civic_platform
 
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS.2021-06-09not yet calculatedCVE-2021-34370
MISC
accela -- civic_platform
 
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value.2021-06-09not yet calculatedCVE-2021-34369
MISC
accenture -- annex_cloud_loyalty_experience_platform
 
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2.2021-06-10not yet calculatedCVE-2021-31927
MISC
MISC
accenture -- annex_cloud_loyalty_experience_platform
 
Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2.2021-06-10not yet calculatedCVE-2021-31928
MISC
MISC
accenture -- annex_cloud_loyalty_experience_platform
 
Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals.2021-06-10not yet calculatedCVE-2021-31929
MISC
MISC
accusoft -- imagegearAn improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.2021-06-11not yet calculatedCVE-2021-21833
MISC
accusoft -- imagegear
 
A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an integer overflow that, in turn, leads to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.2021-06-11not yet calculatedCVE-2021-21795
MISC
accusoft -- imagegear
 
A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability.2021-06-11not yet calculatedCVE-2021-21808
MISC
accusoft -- imagegear
 
An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.2021-06-11not yet calculatedCVE-2021-21824
MISC
advantech -- iview
 
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).2021-06-11not yet calculatedCVE-2021-32932
MISC
advantech -- iview
 
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).2021-06-11not yet calculatedCVE-2021-32930
MISC
advantech -- webaccess
 
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.2021-06-11not yet calculatedCVE-2021-34540
MISC
MISC
amd -- cpu_productsPotential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.2021-06-09not yet calculatedCVE-2021-26313
MISC
MLIST
CONFIRM
MLIST
MLIST
MLIST
amd -- cpu_products
 
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.2021-06-09not yet calculatedCVE-2021-26314
MISC
MLIST
MLIST
ansible -- ansible
 
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.2021-06-09not yet calculatedCVE-2021-3533
MISC
ansible -- ansible
 
A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.2021-06-09not yet calculatedCVE-2021-3532
MISC
apache -- apisix_dashboard
 
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed.Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.12021-06-08not yet calculatedCVE-2021-33190
CONFIRM
MLIST
MLIST
apache -- http_server
 
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service2021-06-10not yet calculatedCVE-2021-26690
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
apache -- http_server
 
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow2021-06-10not yet calculatedCVE-2021-26691
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
apache -- http_server
 
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow2021-06-10not yet calculatedCVE-2020-35452
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
apache -- http_server
 
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows2021-06-10not yet calculatedCVE-2020-13938
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
apache -- http_server
 
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service2021-06-10not yet calculatedCVE-2020-13950
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
apache -- http_server
 
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.2021-06-10not yet calculatedCVE-2019-17567
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
apache -- http_server_versions
 
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'2021-06-10not yet calculatedCVE-2021-30641
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
apache -- pdfbox
 
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.2021-06-12not yet calculatedCVE-2021-31811
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
apache -- pdfbox
 
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.2021-06-12not yet calculatedCVE-2021-31812
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
atlassian -- jira_server_and_data_center
 
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.2021-06-07not yet calculatedCVE-2021-26078
MISC
atlassian -- jira_server_and_data_center
 
The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.2021-06-07not yet calculatedCVE-2021-26079
MISC
atlassian -- jira_server_and_data_center
 
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.2021-06-07not yet calculatedCVE-2021-26080
MISC
atom -- atomThe ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2) does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on encrypted communication via a crafted certificate.2021-06-09not yet calculatedCVE-2021-20732
MISC
MISC
auth0 -- lock
 
auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is incorporated into the `flashMessage` or the library's `languageDictionary` feature is utilized and user input or data from URL parameters is incorporated into the `languageDictionary`. The vulnerability is patched in version 11.30.1.2021-06-04not yet calculatedCVE-2021-32641
MISC
MISC
CONFIRM
aveva -- intouch_runtime_2020_r2
 
The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.2021-06-09not yet calculatedCVE-2021-32942
MISC
MISC
battle.net -- battle.net
 
Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control"2021-06-09not yet calculatedCVE-2020-27383
MISC
big-ip -- big-iq
 
On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2021-06-10not yet calculatedCVE-2021-23024
MISC
big-ip -- edge_client
 
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2021-06-10not yet calculatedCVE-2021-23022
MISC
big-ip -- edge_client
 
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2021-06-10not yet calculatedCVE-2021-23023
MISC
bluez -- bluez
 
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.2021-06-09not yet calculatedCVE-2021-0129
MISC
bluez -- bluez
 
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.2021-06-10not yet calculatedCVE-2021-3588
MISC
bosch -- ip_camerasAn authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).2021-06-09not yet calculatedCVE-2021-23852
CONFIRM
bosch -- ip_camerasAn error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected.2021-06-09not yet calculatedCVE-2021-23854
CONFIRM
bosch -- ip_cameras
 
In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs.2021-06-09not yet calculatedCVE-2021-23853
CONFIRM
bosch -- ip_cameras
 
An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user.2021-06-09not yet calculatedCVE-2021-23848
CONFIRM
bosch -- ip_cameras
 
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected.2021-06-09not yet calculatedCVE-2021-23847
CONFIRM
brocade -- fabric_os
 
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.2021-06-09not yet calculatedCVE-2020-15387
MISC
brocade -- fabric_os
 
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.2021-06-09not yet calculatedCVE-2020-15386
MISC
brocade -- fabric_os
 
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.2021-06-09not yet calculatedCVE-2020-15383
MISC
brocade -- sannav

 

Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.2021-06-09not yet calculatedCVE-2020-15381
MISC
brocade -- sannav

 

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.2021-06-09not yet calculatedCVE-2020-15382
MISC
brocade -- sannav
 
Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.2021-06-09not yet calculatedCVE-2020-15379
MISC
buffalo -- wsr-1166dhp3
 
WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors.2021-06-09not yet calculatedCVE-2021-20731
MISC
MISC
buffalo -- wsr-1166dhp3
 
Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors.2021-06-09not yet calculatedCVE-2021-20730
MISC
MISC
calipso -- calipso
 
This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality.2021-06-07not yet calculatedCVE-2021-23391
MISC
MISC
cerberus -- ftp_server_enterprise
 
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.2021-06-10not yet calculatedCVE-2019-25046
MISC
MISC
circutor_sge-plc1000 -- circutor_sge-plc1000
 
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.2021-06-09not yet calculatedCVE-2021-33842
CONFIRM
cloudforms -- cloudforms
 
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected2021-06-07not yet calculatedCVE-2020-25716
MISC
cloverdx -- cloverdx
 
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.2021-06-09not yet calculatedCVE-2021-29995
CONFIRM
MISC
connmann -- connmann
 
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).2021-06-09not yet calculatedCVE-2021-33833
MLIST
MISC
cubecoders -- cubecoders
 
An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution.2021-06-10not yet calculatedCVE-2021-34539
MISC
curl -- curl
 
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.2021-06-11not yet calculatedCVE-2021-22897
MISC
MISC
MISC
curl -- curl
 
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.2021-06-11not yet calculatedCVE-2021-22901
MISC
MISC
MISC
curl -- curl
 
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.2021-06-11not yet calculatedCVE-2021-22898
MISC
MISC
MISC
datasette -- datasette
 
Datasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords) as an attacker could use the vulnerability to access protected data. Datasette 0.57 and 0.56.1 both include patches for this issue. If you run Datasette behind a proxy you can workaround this issue by rejecting any incoming requests with `?_trace=` or `&_trace=` in their query string parameters.2021-06-07not yet calculatedCVE-2021-32670
MISC
MISC
MISC
CONFIRM
MISC
dell -- emc_networkerDell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server.2021-06-08not yet calculatedCVE-2021-21559
CONFIRM
dell -- emc_networker
 
Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain.2021-06-08not yet calculatedCVE-2021-21558
CONFIRM
django -- django
 
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.2021-06-08not yet calculatedCVE-2021-33203
MISC
CONFIRM
MISC
django -- django
 
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .2021-06-08not yet calculatedCVE-2021-33571
MISC
MISC
CONFIRM
drupal -- core
 
Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6.2021-06-11not yet calculatedCVE-2020-13688
CONFIRM
drupal -- core
 
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.2021-06-11not yet calculatedCVE-2020-13663
CONFIRM
e-series -- santricity_os_controller_softwareE-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks.2021-06-11not yet calculatedCVE-2021-26997
MISC
e-series -- santricity_os_controller_software
 
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server.2021-06-11not yet calculatedCVE-2021-26993
MISC
e-series -- santricity_os_controller_software
 
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code.2021-06-11not yet calculatedCVE-2021-26995
MISC
e-series -- santricity_os_controller_software
 
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks.2021-06-11not yet calculatedCVE-2021-26996
MISC
eclipse -- jetty
 
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.2021-06-09not yet calculatedCVE-2021-28169
CONFIRM
edk2 -- edk2
 
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.2021-06-11not yet calculatedCVE-2021-28213
MISC
edk2 -- edk2
 
An unlimited recursion in DxeCore in EDK II.2021-06-11not yet calculatedCVE-2021-28210
MISC
emq_x_broker -- emq_x_broker
 
EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.2021-06-08not yet calculatedCVE-2021-33175
MISC
emtec -- zoc
 
EmTec ZOC before 8.02.2 allows \e[201~ pastes.2021-06-06not yet calculatedCVE-2021-32198
MISC
enerlinox -- comox
 
A CWE-269: Improper Privilege Management vulnerability exists in EnerlinÕX ComÕX versions prior to V6.8.4 that could cause disclosure of device configuration information to any authenticated user when a specially crafted request is sent to the device.2021-06-11not yet calculatedCVE-2021-22769
MISC
estsoft -- unegg
 
UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by UnEGG. Attackers could exploit this and arbitrary code execution. This issue affects: Estsoft UnEGG 0.5 versions prior to 1.0 on linux.2021-06-11not yet calculatedCVE-2020-7860
MISC
flarum -- flarum
 
Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input fields and have this execute on client browsers. The example which led to the discovery of this vulnerability was in the forum search box. Entering faux-malicious HTML markup, such as <script>alert('test')</script> resulted in an alert box appearing on the forum. This attack could also be modified to perform AJAX requests on behalf of a user, possibly deleting discussions, modifying their settings or profile, or even modifying settings on the Admin panel if the attack was targetted towards a privileged user. All Flarum communities that run flarum v1.0.0 or v1.0.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.0.2. All communities running Flarum v1.0 have to upgrade as soon as possible to v1.0.2.2021-06-07not yet calculatedCVE-2021-32671
MISC
CONFIRM
MISC
flask-appbuilder -- flask-appbuilder
 
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.2021-06-07not yet calculatedCVE-2021-29621
MISC
CONFIRM
MISC
foreman_project -- foreman_project
 
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions before foreman_fog_proxmox 0.13.1 are affected2021-06-07not yet calculatedCVE-2021-20259
MISC
fxbin -- bubble-fireworks
 
bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs.2021-06-04not yet calculatedCVE-2021-29500
CONFIRM
gallagher -- command_centre_serverImproper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.2021-06-11not yet calculatedCVE-2021-23205
MISC
gallagher -- command_centre_serverA SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.2021-06-11not yet calculatedCVE-2021-23230
MISC
gallagher -- command_centre_serverCleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).2021-06-11not yet calculatedCVE-2021-23211
MISC
gallagher -- command_centre_serverCleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30.2021-06-11not yet calculatedCVE-2021-23182
MISC
gallagher -- command_centre_server
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3).2021-06-11not yet calculatedCVE-2021-23204
MISC
gallagher -- command_centre_server
 
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.2021-06-11not yet calculatedCVE-2021-23140
MISC
gallagher -- command_centre_server
 
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.2021-06-11not yet calculatedCVE-2021-23136
MISC
gitlab -- gitlabAn information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects2021-06-08not yet calculatedCVE-2021-22215
MISC
CONFIRM
gitlab -- gitlabAll versions of GitLab CE/EE starting with 12.8 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.2021-06-08not yet calculatedCVE-2021-22218
CONFIRM
MISC
MISC
gitlab -- gitlabA cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari2021-06-08not yet calculatedCVE-2021-22213
MISC
MISC
CONFIRM
gitlab -- gitlabA denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request2021-06-08not yet calculatedCVE-2021-22217
MISC
CONFIRM
MISC
gitlab -- gitlab
 
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited2021-06-08not yet calculatedCVE-2021-22214
MISC
MISC
CONFIRM
gitlab -- gitlab
 
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled2021-06-11not yet calculatedCVE-2021-22175
MISC
MISC
CONFIRM
gitlab -- gitlab
 
A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources.2021-06-11not yet calculatedCVE-2021-22181
MISC
CONFIRM
gitlab -- gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited access after their password expired2021-06-08not yet calculatedCVE-2021-22221
CONFIRM
MISC
gitlab -- gitlab
 
GitLab CE/EE since version 9.5 allows a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.2021-06-08not yet calculatedCVE-2021-22219
CONFIRM
MISC
gitlab -- gitlab
 
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description2021-06-08not yet calculatedCVE-2021-22216
CONFIRM
MISC
google -- androidIn memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1834648662021-06-11not yet calculatedCVE-2021-0489
MISC
google -- androidIn BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1737917202021-06-11not yet calculatedCVE-2021-0482
MISC
google -- androidIn memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1834679122021-06-11not yet calculatedCVE-2021-0496
MISC
google -- android
 
In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-1729391892021-06-11not yet calculatedCVE-2021-0481
MISC
google -- android
 
In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-1737207672021-06-11not yet calculatedCVE-2021-0484
MISC
google -- android
 
In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1743026162021-06-11not yet calculatedCVE-2021-0485
MISC
google -- android
 
In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-1744933362021-06-11not yet calculatedCVE-2021-0480
MISC
google -- android
 
In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-1781892502021-06-11not yet calculatedCVE-2021-0477
MISC
google -- android
 
In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1740463972021-06-11not yet calculatedCVE-2021-0487
MISC
google -- android
 
In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-1692525012021-06-11not yet calculatedCVE-2021-0476
MISC
google -- android
 
In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-1756861682021-06-11not yet calculatedCVE-2021-0475
MISC
google -- android
 
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-1776119582021-06-11not yet calculatedCVE-2021-0474
MISC
google -- android
 
In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-1796872082021-06-11not yet calculatedCVE-2021-0473
MISC
google -- android
 
In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1834648682021-06-11not yet calculatedCVE-2021-0490
MISC
google -- android
 
In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1834613152021-06-11not yet calculatedCVE-2021-0491
MISC
google -- android
 
In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1834590782021-06-11not yet calculatedCVE-2021-0492
MISC
google -- android
 
In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1834613172021-06-11not yet calculatedCVE-2021-0493
MISC
google -- android
 
In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1834613182021-06-11not yet calculatedCVE-2021-0494
MISC
google -- android
 
In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-1768010332021-06-11not yet calculatedCVE-2021-0472
MISC
google -- android
 
In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1834590832021-06-11not yet calculatedCVE-2021-0495
MISC
google -- android
 
In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1834613212021-06-11not yet calculatedCVE-2021-0498
MISC
google -- android
 
Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.2021-06-09not yet calculatedCVE-2021-20728
MISC
MISC
google -- android
 
In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1541147342021-06-11not yet calculatedCVE-2021-0466
MISC
google -- android
 
In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-94968862021-06-11not yet calculatedCVE-2019-9475
MISC
google -- android
 
In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1834613202021-06-11not yet calculatedCVE-2021-0497
MISC
google -- asylo
 
An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c2021-06-08not yet calculatedCVE-2021-22549
MISC
google -- asylo
 
An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c2021-06-08not yet calculatedCVE-2021-22550
MISC
google -- asylo
 
An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c2021-06-08not yet calculatedCVE-2021-22548
MISC
google -- nextcloud_android
 
Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that the Nextcloud Android App is upgraded to 3.16.12021-06-08not yet calculatedCVE-2021-32658
CONFIRM
MISC
MISC
guild_wars_2 -- guild_wars_2
 
The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable.2021-06-09not yet calculatedCVE-2020-27384
MISC
hitachi -- id_bravura_security_fabric
 
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.2021-06-09not yet calculatedCVE-2021-3196
MISC
CONFIRM
CONFIRM
ibm -- financial_transaction_manager
 
IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956.2021-06-11not yet calculatedCVE-2020-5003
CONFIRM
XF
ibm -- qradar_siem
 
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.2021-06-11not yet calculatedCVE-2021-20396
CONFIRM
XF
ibm -- wepsphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.2021-06-11not yet calculatedCVE-2021-29754
CONFIRM
XF
icecoder -- icecoder
 
In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary Javascript code can get executed.2021-06-08not yet calculatedCVE-2021-32106
MISC
MISC
inlgss -- definitionA CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition.2021-06-11not yet calculatedCVE-2021-22759
MISC
inlgss -- definitionA CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition.2021-06-11not yet calculatedCVE-2021-22752
MISC
inlgss -- definitionA CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition.2021-06-11not yet calculatedCVE-2021-22756
MISC
inlgss -- definition
 
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition.2021-06-11not yet calculatedCVE-2021-22762
MISC
inlgss -- definition
 
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition.2021-06-11not yet calculatedCVE-2021-22755
MISC
inlgss -- definition
 
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of user-supplied data, when a malicious CGF file is imported to IGSS Definition.2021-06-11not yet calculatedCVE-2021-22754
MISC
inlgss -- definition
 
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition.2021-06-11not yet calculatedCVE-2021-22753
MISC
inlgss -- definition
 
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition.2021-06-11not yet calculatedCVE-2021-22751
MISC
inlgss -- definition
 
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition.2021-06-11not yet calculatedCVE-2021-22750
MISC
inlgss -- definition
 
A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.2021-06-11not yet calculatedCVE-2021-22758
MISC
inlgss -- definition
 
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition.2021-06-11not yet calculatedCVE-2021-22757
MISC
inlgss -- definition
 
A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.2021-06-11not yet calculatedCVE-2021-22760
MISC
inlgss -- definition
 
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition.2021-06-11not yet calculatedCVE-2021-22761
MISC
intel -- atom_processors
 
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.2021-06-09not yet calculatedCVE-2020-24513
MISC
intel -- brand_verification_tool
 
Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0086
MISC
MLIST
intel -- computing_improvement_program
 
Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0074
MISC
intel -- computing_improvement_program
 
Incorrect default privileges in the Intel(R) Computing Improvement Program before version 2.4.6522 may allow an authenticated user to potentially enable an escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0052
MISC
intel -- csme
 
Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2020-8703
MISC
CONFIRM
intel -- csme
 
Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local access.2021-06-09not yet calculatedCVE-2020-24506
MISC
CONFIRM
intel -- csme
 
Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.2021-06-09not yet calculatedCVE-2020-24507
MISC
CONFIRM
intel -- csme
 
Modification of assumed-immutable data in subsystem in Intel(R) CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.2021-06-09not yet calculatedCVE-2020-24516
MISC
intel -- dsa
 
Insufficient control flow management in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0073
MISC
intel -- dsa
 
Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0094
MISC
intel -- dsa
 
Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0090
MISC
intel -- ipp
 
Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.2021-06-09not yet calculatedCVE-2021-0001
MISC
intel -- lms
 
Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2020-8704
MISC
intel -- nuc
 
&nbsp;Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0067
MISC
intel -- nuc
 
Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0054
MISC
intel -- nuc_9_extreme_laptop_kit_lan_drivers
 
Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop Kit LAN Drivers before version 10.42 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0055
MISC
intel -- nuc_m15_laptop_kit_driver_pack
 
Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0058
MISC
intel -- nuc_m15_laptop_kit_driver_pack
 
Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0057
MISC
intel -- nuc_m15_laptop_kit_driver_pack
 
Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0056
MISC
intel -- optane_dc_persistent_memory
 
Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0106
MISC
intel -- processor_diagnostic_tool
 
Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2020-8702
MISC
intel -- processorsImproper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2020-8700
MISC
intel -- processorsImproper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2020-12357
MISC
intel -- processorsOut of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2020-12360
MISC
intel -- processorsInsufficient control flow management in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access.2021-06-09not yet calculatedCVE-2020-12359
MISC
intel -- processors
 
Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-24486
MISC
intel -- processors
 
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.2021-06-09not yet calculatedCVE-2021-0089
MISC
MLIST
MLIST
MLIST
intel -- processors
 
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.2021-06-09not yet calculatedCVE-2020-24511
MISC
CONFIRM
intel -- processors
 
Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2020-8670
MISC
intel -- processors
 
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.2021-06-09not yet calculatedCVE-2020-24512
MISC
CONFIRM
intel -- processors
 
Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-12358
MISC
intel -- processrs
 
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.2021-06-09not yet calculatedCVE-2021-0095
MISC
intel -- proset_wireless_wifi
 
Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi drivers may allow an authenticated user to potentially enable information disclosure and denial of service via adjacent access.2021-06-09not yet calculatedCVE-2021-0105
MISC
intel -- rapid_storage_technology
 
Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0104
MISC
intel -- realsense_ids
 
Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access.2021-06-09not yet calculatedCVE-2020-24514
MISC
intel -- realsense_ids
 
Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access.2021-06-09not yet calculatedCVE-2020-24515
MISC
intel -- security_library
 
Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access.2021-06-09not yet calculatedCVE-2021-0131
MISC
intel -- security_library
 
Missing release of resource after effective lifetime in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access.2021-06-09not yet calculatedCVE-2021-0132
MISC
intel -- security_library
 
Key exchange without entity authentication in the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access.2021-06-09not yet calculatedCVE-2021-0133
MISC
intel -- security_library
 
Improper input validation in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access.2021-06-09not yet calculatedCVE-2021-0134
MISC
intel -- server_board
 
Improper input validation in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access.2021-06-09not yet calculatedCVE-2021-0070
MISC
intel -- server_board_m10jnp2sb
 
Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access.2021-06-09not yet calculatedCVE-2021-0097
MISC
intel -- server_board_m10jnp2sb
 
Out of bounds write in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access.2021-06-09not yet calculatedCVE-2021-0113
MISC
intel -- server_board_m10jnp2sb
 
Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access.2021-06-09not yet calculatedCVE-2021-0101
MISC
intel -- server_boardsImproper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-24475
MISC
intel -- server_boardsOut of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2020-24473
MISC
intel -- server_boards
 
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.2021-06-09not yet calculatedCVE-2020-24474
MISC
intel -- sps
 
Improper input validation in the Intel(R) SPS versions before SPS_E5_04.04.04.023.0, SPS_E5_04.04.03.228.0 or SPS_SoC-A_05.00.03.098.0 may allow a privileged user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2021-0051
MISC
intel -- sps_products
 
Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2020-24509
MISC
CONFIRM
intel -- ssd_data_center_tool
 
Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0100
MISC
intel -- thunderboltImproper conditions check in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-12292
MISC
intel -- thunderboltUncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-12291
MISC
intel -- thunderbolt
 
Improper access control in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-12290
MISC
intel -- thunderbolt
 
Improper control of a resource through its lifetime in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-12293
MISC
intel -- thunderbolt
 
Insufficient control flow management in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-12294
MISC
intel -- thunderbolt
 
Improper input validation in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-12295
MISC
intel -- thunderbolt
 
Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-12296
MISC
intel -- thunderbolt
 
Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-12289
MISC
intel -- thunderbolt
 
Protection mechanism failure in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.2021-06-09not yet calculatedCVE-2020-12288
MISC
intel -- unite_client
 
Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0098
MISC
intel -- unite_client
 
Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0108
MISC
intel -- unite_client
 
Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0112
MISC
intel -- unite_client
 
Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0102
MISC
intel -- vt-d_products
 
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2020-24489
MISC
intel -- vtune_profiler
 
Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-06-09not yet calculatedCVE-2021-0077
MISC
intland -- codebeamer_almA cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only).2021-06-08not yet calculatedCVE-2020-26517
MISC
MISC
intland -- codebeamer_alm
 
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.2021-06-08not yet calculatedCVE-2020-26516
MISC
MISC
intland -- codebeamer_alm
 
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key.2021-06-08not yet calculatedCVE-2020-26515
MISC
MISC
invoice_ninja -- invoice_ninja
 
In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. In certain contexts, this can result in remote code execution. The attacker's input must be hosted at http://www.geoplugin.net (cleartext HTTP), and thus a successful attack requires spoofing that site or obtaining control of it.2021-06-06not yet calculatedCVE-2021-33898
MISC
ipfire_2.25-core155 -- ipfire_2.25-core155
 
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well.2021-06-09not yet calculatedCVE-2021-33393
MISC
MISC
MISC
irzip -- irzipA null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file.2021-06-10not yet calculatedCVE-2021-27345
MISC
irzip -- irzip
 
Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file.2021-06-10not yet calculatedCVE-2021-27347
MISC
irzip -- irzip
 
A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file.2021-06-10not yet calculatedCVE-2020-25467
MISC
MISC
jenkins -- kiuwan_plugin
 
Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.2021-06-10not yet calculatedCVE-2021-21666
CONFIRM
MLIST
jenkins -- kubernetes
 
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.2021-06-10not yet calculatedCVE-2021-21661
CONFIRM
MLIST
jenkins -- zebialabsxl_deploy_pluginA cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.2021-06-10not yet calculatedCVE-2021-21665
CONFIRM
MLIST
jenkins -- zebialabsxl_deploy_plugin
 
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.2021-06-10not yet calculatedCVE-2021-21662
CONFIRM
MLIST
jenkins -- zebialabsxl_deploy_plugin
 
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.2021-06-10not yet calculatedCVE-2021-21664
CONFIRM
MLIST
jenkins -- zebialabsxl_deploy_plugin
 
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.2021-06-10not yet calculatedCVE-2021-21663
CONFIRM
MLIST
jerryscript -- jerryscriptAn issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file.2021-06-10not yet calculatedCVE-2021-26199
CONFIRM
jerryscript -- jerryscript
 
An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file.2021-06-10not yet calculatedCVE-2021-26194
CONFIRM
jerryscript -- jerryscript
 
An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_deref_bigint in ecma-helpers.c file.2021-06-10not yet calculatedCVE-2021-26198
CONFIRM
jerryscript -- jerryscript
 
An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file.2021-06-10not yet calculatedCVE-2021-26195
CONFIRM
jerryscript -- jerryscript
 
An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file.2021-06-10not yet calculatedCVE-2021-26197
CONFIRM
jt2go -- teamcenter_visualization
 
A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131)2021-06-08not yet calculatedCVE-2021-27390
MISC
kubernetes -- kubernetes
 
An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.2021-06-07not yet calculatedCVE-2020-1742
MISC
labcup -- labcup
 
In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03.2021-06-10not yet calculatedCVE-2021-33031
MISC
MISC
lancom_rands -- unified_firewall
 
LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal.2021-06-10not yet calculatedCVE-2021-31538
MISC
libsapeextractor -- libraryAn improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.2021-06-11not yet calculatedCVE-2021-25386
MISC
libsapeextractor -- library
 
An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.2021-06-11not yet calculatedCVE-2021-25383
MISC
libsapeextractor -- library
 
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.2021-06-11not yet calculatedCVE-2021-25384
MISC
libsapeextractor -- library
 
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.2021-06-11not yet calculatedCVE-2021-25385
MISC
libsapeextractor -- library
 
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.2021-06-11not yet calculatedCVE-2021-25387
MISC
liferay -- liferay
 
Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter.2021-06-09not yet calculatedCVE-2021-29049
CONFIRM
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.2021-06-07not yet calculatedCVE-2020-36387
MISC
MISC
MISC
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.2021-06-07not yet calculatedCVE-2019-25045
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8.2021-06-07not yet calculatedCVE-2018-25015
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.2021-06-08not yet calculatedCVE-2021-3564
MISC
MLIST
MLIST
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.2021-06-07not yet calculatedCVE-2020-36385
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.2021-06-07not yet calculatedCVE-2020-36386
MISC
MISC
MISC
MISC
MISC
linux -- ssl_network_extender_client
 
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.2021-06-08not yet calculatedCVE-2021-30357
MISC
locutus -- locutus
 
The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function.2021-06-08not yet calculatedCVE-2021-23392
MISC
MISC
MISC
manageengine -- servicedesk_plus
 
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.2021-06-10not yet calculatedCVE-2021-20081
MISC
mcafee -- agent_for_windowsImproper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server.2021-06-10not yet calculatedCVE-2021-31839
CONFIRM
mcafee -- agent_for_windows
 
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code.2021-06-10not yet calculatedCVE-2021-31840
CONFIRM
mcafee -- data_loss_prevention
 
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.2021-06-09not yet calculatedCVE-2021-31832
CONFIRM
mcafee -- getsusp
 
Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD.2021-06-09not yet calculatedCVE-2021-31837
CONFIRM
microsoft -- asp.net
 
ASP.NET Denial of Service Vulnerability2021-06-08not yet calculatedCVE-2021-31957
MISC
microsoft -- dwm_core_library
 
Microsoft DWM Core Library Elevation of Privilege Vulnerability2021-06-08not yet calculatedCVE-2021-33739
MISC
microsoft -- excel
 
Microsoft Excel Remote Code Execution Vulnerability2021-06-08not yet calculatedCVE-2021-31939
MISC
MISC
microsoft -- hyper-v
 
Windows Hyper-V Denial of Service Vulnerability2021-06-08not yet calculatedCVE-2021-31977
MISC
microsoft -- microsoft_enhanced_cryptographic_provider
 
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31201.2021-06-08not yet calculatedCVE-2021-31199
MISC
microsoft -- nfts
 
Windows NTFS Elevation of Privilege Vulnerability2021-06-08not yet calculatedCVE-2021-31956
MISC
microsoft -- outlook
 
Microsoft Outlook Remote Code Execution Vulnerability2021-06-08not yet calculatedCVE-2021-31949
MISC
microsoft -- paint_3d_remote
 
Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31946.2021-06-08not yet calculatedCVE-2021-31983
MISC
MISC
microsoft -- scripting_engine
 
Scripting Engine Memory Corruption Vulnerability2021-06-08not yet calculatedCVE-2021-31959
MISC
MISC
microsoft -- sharepoint_server
 
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31964.2021-06-08not yet calculatedCVE-2021-31950
MISC
MISC
microsoft -- sharepoint_server
 
Microsoft SharePoint Server Information Disclosure Vulnerability2021-06-08not yet calculatedCVE-2021-31965
MISC
microsoft -- sharepoint_server
 
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31950.2021-06-08not yet calculatedCVE-2021-31964
MISC
microsoft -- sharepoint_server
 
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31963.2021-06-08not yet calculatedCVE-2021-31966
MISC
microsoft -- sharepoint_server
 
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31966.2021-06-08not yet calculatedCVE-2021-31963
MISC
microsoft -- sharepoint_server
 
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31950, CVE-2021-31964.2021-06-08not yet calculatedCVE-2021-31948
MISC
microsoft -- windows_common_log_file_system_driver
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability2021-06-08not yet calculatedCVE-2021-31954
MISC
MISC
microsoft -- windows_filter_manager
 
Windows Filter Manager Elevation of Privilege Vulnerability2021-06-08not yet calculatedCVE-2021-31953
MISC
microsoft -- windows_kernel
 
Windows Kernel Elevation of Privilege Vulnerability2021-06-08not yet calculatedCVE-2021-31951
MISC
microsoft -- windows_ntlm
 
Windows NTLM Elevation of Privilege Vulnerability2021-06-08not yet calculatedCVE-2021-31958
MISC
mintty -- mintty
 
Mintty before 3.4.7 mishandles Bracketed Paste Mode.2021-06-06not yet calculatedCVE-2021-31701
MISC
mitsubishi -- electric_melsec_iq-r_series_modules
 
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.2021-06-11not yet calculatedCVE-2021-20591
MISC
MISC
modicon -- x80_bmxnor0200H_rtu
 
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.2021-06-11not yet calculatedCVE-2021-22749
MISC
mongodb -- go_driver
 
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0.2021-06-10not yet calculatedCVE-2021-20329
CONFIRM
moveit -- transfer
 
In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021.x before 2021.0.1 (13.0.1), a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.2021-06-09not yet calculatedCVE-2021-33894
CONFIRM
MISC
nagios_xi -- nagios_xi
 
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.2021-06-07not yet calculatedCVE-2021-3277
MISC
netsetman -- pro
 
An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to file" feature. To accomplish this, the attacker can navigate to cmd.exe.2021-06-10not yet calculatedCVE-2021-34546
MISC
MISC
MISC
FULLDISC
MISC
nextcloud -- android_app
 
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.2021-06-11not yet calculatedCVE-2021-22905
MISC
MISC
nextcloud -- deck
 
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.2021-06-11not yet calculatedCVE-2021-22913
MISC
MISC
nextcloud -- desktop_clientNextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.2021-06-11not yet calculatedCVE-2021-22895
MISC
MISC
MISC
MISC
nextcloud -- end-to-end_encryption
 
Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users.2021-06-11not yet calculatedCVE-2021-22906
MISC
MISC
nextcloud -- ios
 
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.2021-06-11not yet calculatedCVE-2021-22912
MISC
MISC
nextcloud -- mail
 
Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.2021-06-11not yet calculatedCVE-2021-22896
MISC
MISC
MISC
MISC
nextcloud -- server
 
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.2021-06-11not yet calculatedCVE-2021-22915
MISC
MISC
nginx -- nginx
 
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.2021-06-06not yet calculatedCVE-2017-20005
MISC
MISC
MISC
MISC
MLIST
night_owl -- doorbell_fw
 
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events.2021-06-08not yet calculatedCVE-2020-28713
MISC
MISC
ntpkeygen -- ntpkeygen
 
ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them.2021-06-08not yet calculatedCVE-2021-22212
CONFIRM
MISC
MISC
nuvoton -- npct75x_firmware
 
In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update.2021-06-08not yet calculatedCVE-2021-32015
MISC
nxp -- mifare_ultralight_and_ntag
 
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.2021-06-06not yet calculatedCVE-2021-33881
MISC
MISC
MISC
MISC
omriinbar -- raspap
 
Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges.2021-06-09not yet calculatedCVE-2021-33356
MISC
MISC
MISC
MISC
MISC
MISC
omriinbar -- raspap
 
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.2021-06-09not yet calculatedCVE-2021-33357
MISC
MISC
omriinbar -- raspap
 
Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands.2021-06-09not yet calculatedCVE-2021-33358
MISC
MISC
MISC
opendmarc -- opendmarcOpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.2021-06-10not yet calculatedCVE-2021-34555
MISC
MISC
openpgp -- elgamal
 
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP.2021-06-08not yet calculatedCVE-2021-33560
MISC
MISC
MISC
MISC
openplc -- scadabr
 
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.2021-06-11not yet calculatedCVE-2021-26829
MISC
MISC
openplc -- scadabr
 
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.2021-06-11not yet calculatedCVE-2021-26828
MISC
MISC
MISC
palo_alto_networks -- checkov
 
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted.2021-06-10not yet calculatedCVE-2021-3040
MISC
palo_alto_networks -- cortex_xdr_agent
 
A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version.2021-06-10not yet calculatedCVE-2021-3041
MISC
palo_alto_networks -- prisma_cloud_compute_console
 
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.2021-06-10not yet calculatedCVE-2021-3039
MISC
polaris -- office
 
Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer Vulnerability in PolarisOffice.exe and EngineDLL.dll that may cause a Remote Code Execution. To exploit the vulnerability, someone must open a crafted PDF file.2021-06-08not yet calculatedCVE-2021-34280
MISC
poropro -- kuaifancms
 
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file.2021-06-11not yet calculatedCVE-2021-3256
MISC
powerlogic -- multiple_productsA CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.2021-06-11not yet calculatedCVE-2021-22763
MISC
powerlogic -- multiple_productsA CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.2021-06-11not yet calculatedCVE-2021-22764
MISC
powerlogic -- multiple_products
 
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767.2021-06-11not yet calculatedCVE-2021-22768
MISC
powerlogic -- multiple_products
 
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-227682021-06-11not yet calculatedCVE-2021-22767
MISC
powerlogic -- multiple_products
 
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.2021-06-11not yet calculatedCVE-2021-22765
MISC
powerlogic -- multiple_products
 
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet.2021-06-11not yet calculatedCVE-2021-22766
MISC
prtg -- nework_monitor
 
PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation.2021-06-10not yet calculatedCVE-2021-34547
MISC
python -- websockets
 
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.2021-06-06not yet calculatedCVE-2021-33880
MISC
qnap -- qnap_nas
 
If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later2021-06-08not yet calculatedCVE-2021-28810
CONFIRM
qnap -- qnap_nas
 
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later2021-06-08not yet calculatedCVE-2021-28811
CONFIRM
qnap -- qnap_nas
 
An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.2021-06-11not yet calculatedCVE-2021-28814
MISC
qnap -- qnap_switches
 
Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408.2021-06-11not yet calculatedCVE-2021-28805
MISC
qnap -- qnap_switches
 
An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C.2021-06-11not yet calculatedCVE-2021-28801
MISC
qualcomm -- multiple_snapdragon_productsBuffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11235
CONFIRM
qualcomm -- multiple_snapdragon_productsPossible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile2021-06-09not yet calculatedCVE-2020-11182
CONFIRM
qualcomm -- multiple_snapdragon_productsWhile processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile2021-06-09not yet calculatedCVE-2020-11176
CONFIRM
qualcomm -- multiple_snapdragon_productsMemory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11165
CONFIRM
qualcomm -- multiple_snapdragon_productsStack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11267
CONFIRM
qualcomm -- multiple_snapdragon_productsPossible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile2021-06-09not yet calculatedCVE-2020-11291
CONFIRM
qualcomm -- multiple_snapdragon_productsPossible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-06-09not yet calculatedCVE-2020-11292
CONFIRM
qualcomm -- multiple_snapdragon_productsWhile waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HLOS Invoke Call to secure kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11298
CONFIRM
qualcomm -- multiple_snapdragon_productsMemory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-06-09not yet calculatedCVE-2020-11240
CONFIRM
qualcomm -- multiple_snapdragon_productsPossible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11304
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music2021-06-09not yet calculatedCVE-2020-11161
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11159
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11134
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11126
CONFIRM
qualcomm -- multiple_snapdragon_products
 
A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-06-09not yet calculatedCVE-2020-11262
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11306
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2021-1937
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-06-09not yet calculatedCVE-2021-1900
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11238
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-06-09not yet calculatedCVE-2020-11239
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11178
CONFIRM
qualcomm -- multiple_snapdragon_products
 
An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile2021-06-09not yet calculatedCVE-2020-11260
CONFIRM
qualcomm -- multiple_snapdragon_productssMemory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-06-09not yet calculatedCVE-2020-11261
CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networkingMemory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11259
CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networkingInformation disclosure issue due to lack of validation of pointer arguments passed to TZ BSP in Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11265
CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networking
 
Memory corruption due to lack of check of validation of pointer to buffer passed to trustzone in Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11256
CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networking
 
Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11257
CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networking
 
Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11258
CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networking
 
Image address is dereferenced before validating its range which can cause potential QSEE information leakage in Snapdragon Wired Infrastructure and Networking2021-06-09not yet calculatedCVE-2020-11266
CONFIRM
rabbitmq -- rabbitmq
 
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.2021-06-08not yet calculatedCVE-2021-22116
MISC
receita -- federal_irpf
 
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.2021-06-12not yet calculatedCVE-2021-34682
MISC
red_hat -- red_hatA flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.2021-06-07not yet calculatedCVE-2020-1719
MISC
red_hat -- red_hat
 
A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. An attacker could use this flaw to deny access to schedule new pods in the OpenShift cluster. This was fixed in openshift/machine-config-operator 4.4.3, openshift/machine-config-operator 4.3.25, openshift/machine-config-operator 4.2.36.2021-06-07not yet calculatedCVE-2020-1750
MISC
red_hat -- red_hat
 
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.2021-06-07not yet calculatedCVE-2020-1690
MISC
reg-viz -- regi-suit
 
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue.2021-06-08not yet calculatedCVE-2021-32673
CONFIRM
MISC
MISC
MISC
resteasy -- resteasy
 
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.2021-06-10not yet calculatedCVE-2021-20293
MISC
restund -- restund
 
Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43) the `status` interface of restund is enabled and is listening on `127.0.0.1`.The `status` interface allows users to issue administrative commands to `restund` like listing open relays or draining connections. It would be possible for an attacker to contact the status interface and issue administrative commands by setting `XOR-PEER-ADDRESS` to `127.0.0.1:{{restund_udp_status_port}}` when opening a TURN channel. We now explicitly disallow relaying to loopback addresses, 'any' addresses, link local addresses, and the broadcast address. As a workaround disable the `status` module in your restund configuration. However there might still be other services running on `127.0.0.0/8` that you do not want to have exposed. The `turn` module can be disabled. Restund will still perform STUN and this might already be enough for initiating calls in your environments. TURN is only used as a last resort when other NAT traversal options do not work. One should also make sure that the TURN server is set up with firewall rules so that it cannot relay to other addresses that you don't want the TURN server to relay to. For example other services in the same VPC where the TURN server is running. Ideally TURN servers should be deployed in an isolated fashion where they can only reach what they need to reach to perform their task of assisting NAT-traversal.2021-06-11not yet calculatedCVE-2021-21382
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
ripgrep -- ripgrep
 
ripgrep before 13 allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.2021-06-11not yet calculatedCVE-2021-3013
CONFIRM
ruby_on_rails -- ruby_on_railsThe actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.2021-06-11not yet calculatedCVE-2021-22904
MISC
MISC
ruby_on_rails -- ruby_on_rails
 
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.2021-06-11not yet calculatedCVE-2021-22902
MISC
MISC
ruby_on_rails -- ruby_on_rails
 
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.2021-06-11not yet calculatedCVE-2021-22903
MISC
MISC
samsung -- account
 
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.2021-06-11not yet calculatedCVE-2021-25403
MISC
samsung -- bixby_voice
 
Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts.2021-06-11not yet calculatedCVE-2021-25398
MISC
samsung -- callbgprovier
 
Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.2021-06-11not yet calculatedCVE-2021-25410
MISC
samsung -- contacts
 
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.2021-06-11not yet calculatedCVE-2021-25413
MISC
samsung -- contacts
 
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege.2021-06-11not yet calculatedCVE-2021-25414
MISC
samsung -- galaxy_watch3_plugin
 
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.2021-06-11not yet calculatedCVE-2021-25421
MISC
samsung -- galaxy_watch_pluginImproper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.2021-06-11not yet calculatedCVE-2021-25422
MISC
samsung -- galaxy_watch_plugin
 
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.2021-06-11not yet calculatedCVE-2021-25420
MISC
samsung -- galazy_watch_plugin
 
Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.2021-06-11not yet calculatedCVE-2021-25423
MISC
samsung -- gear_s
 
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.2021-06-11not yet calculatedCVE-2021-25406
MISC
samsung -- genericsoservice
 
An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.2021-06-11not yet calculatedCVE-2021-25412
MISC
samsung -- health
 
Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.2021-06-11not yet calculatedCVE-2021-25425
MISC
samsung -- health
 
Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.2021-06-11not yet calculatedCVE-2021-25401
MISC
samsung -- internetNon-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.2021-06-11not yet calculatedCVE-2021-25419
MISC
samsung -- internet
 
Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.2021-06-11not yet calculatedCVE-2021-25418
MISC
samsung -- internet
 
Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.2021-06-11not yet calculatedCVE-2021-25400
MISC
samsung -- knoxcore
 
Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.2021-06-11not yet calculatedCVE-2021-25388
MISC
MISC
samsung -- mfc_charger_driver
 
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.2021-06-11not yet calculatedCVE-2021-25395
MISC
samsung -- mfc_charger_driver
 
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.2021-06-11not yet calculatedCVE-2021-25394
MISC
samsung -- notes
 
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.2021-06-11not yet calculatedCVE-2021-25405
MISC
samsung -- notes
 
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.2021-06-11not yet calculatedCVE-2021-25402
MISC
samsung -- notification
 
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.2021-06-11not yet calculatedCVE-2021-25409
MISC
samsung -- npu_driverA possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.2021-06-11not yet calculatedCVE-2021-25408
MISC
samsung -- npu_driver
 
A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.2021-06-11not yet calculatedCVE-2021-25407
MISC
samsung -- npu_firmware
 
An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.2021-06-11not yet calculatedCVE-2021-25396
MISC
samsung -- phototable
 
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.2021-06-11not yet calculatedCVE-2021-25390
MISC
MISC
samsung -- rkp_api
 
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.2021-06-11not yet calculatedCVE-2021-25411
MISC
samsung -- s_secure
 
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.2021-06-11not yet calculatedCVE-2021-25389
MISC
samsung -- samsung
 
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.2021-06-11not yet calculatedCVE-2021-25415
MISC
samsung -- samsung
 
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.2021-06-11not yet calculatedCVE-2021-25416
MISC
samsung -- samsung
 
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.2021-06-11not yet calculatedCVE-2021-25417
MISC
samsung -- secsettings
 
Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.2021-06-11not yet calculatedCVE-2021-25393
MISC
MISC
samsung -- secure_folder
 
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.2021-06-11not yet calculatedCVE-2021-25391
MISC
MISC
samsung -- smart_managerImproper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege.2021-06-11not yet calculatedCVE-2021-25399
MISC
samsung -- smartthings
 
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.2021-06-11not yet calculatedCVE-2021-25404
MISC
samsung -- telephonyui
 
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.2021-06-11not yet calculatedCVE-2021-25397
MISC
MISC
samsung -- tizen_bluetooth
 
Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.2021-06-11not yet calculatedCVE-2021-25424
MISC
samsung-- dex
 
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.2021-06-11not yet calculatedCVE-2021-25392
MISC
MISC
sap -- business_one
 
Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted.2021-06-09not yet calculatedCVE-2021-33662
MISC
MISC
sap -- commerce_cloud
 
When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation.2021-06-09not yet calculatedCVE-2021-33666
MISC
MISC
sap -- enable_now
 
Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.2021-06-09not yet calculatedCVE-2021-27637
MISC
MISC
sap -- internet_graphics_service
 
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27620
MISC
MISC
sap -- internet_graphics_service
 
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27622
MISC
MISC
sap -- internet_graphics_service
 
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckLength() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27623
MISC
MISC
sap -- internet_graphics_service
 
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27624
MISC
MISC
sap -- internet_graphics_service
 
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method IgsData::freeMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27625
MISC
MISC
sap -- internet_graphics_service
 
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27626
MISC
MISC
sap -- internet_graphics_service
 
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method ChartInterpreter::DoIt() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27627
MISC
MISC
sap -- manufacturing_execution
 
SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting (XSS) attacks.2021-06-09not yet calculatedCVE-2021-27615
MISC
MISC
sap -- mobile_sdk_certificate_provider
 
Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and availability.2021-06-09not yet calculatedCVE-2021-33669
MISC
sap -- netweaver
 
SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user.2021-06-09not yet calculatedCVE-2021-21490
MISC
MISC
sap -- netweaver
 
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.2021-06-09not yet calculatedCVE-2021-21473
MISC
MISC
sap -- netweaver_abap_server_and__abap_platformSAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27606
MISC
MISC
sap -- netweaver_abap_server_and_abap_platform
 
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27629
MISC
MISC
sap -- netweaver_abap_server_and_abap_platform
 
SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27628
MISC
MISC
sap -- netweaver_abap_server_and_abap_platform
 
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27632
MISC
MISC
sap -- netweaver_abap_server_and_abap_platform
 
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27631
MISC
MISC
sap -- netweaver_abap_server_and_abap_platform
 
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27630
MISC
MISC
sap -- netweaver_abap_server_and_abap_platform
 
SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27607
MISC
MISC
sap -- netweaver_application_server
 
Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.2021-06-09not yet calculatedCVE-2021-27621
MISC
MISC
sap -- netweaver_application_server_abap
 
SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application.2021-06-09not yet calculatedCVE-2021-33663
MISC
MISC
sap -- netweaver_application_server_abap
 
SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.2021-06-09not yet calculatedCVE-2021-33664
MISC
MISC
sap -- netweaver_application_server_abap
 
SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.2021-06-09not yet calculatedCVE-2021-33665
MISC
MISC
sap -- netweaver_as
 
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27633
MISC
MISC
sap -- netweaver_as
 
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27634
MISC
MISC
sap -- netweaver_as
 
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.2021-06-09not yet calculatedCVE-2021-27597
MISC
MISC
sap -- netweaver_as
 
SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise confidentiality by allowing them to read any file on the filesystem or fully compromise availability by causing the system to crash. The attack cannot be used to change any data so that there is no compromise as to integrity.2021-06-09not yet calculatedCVE-2021-27635
MISC
MISC
sap -- scimono
 
Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application.2021-06-09not yet calculatedCVE-2021-33668
MISC
seceon -- aisiem
 
Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user.2021-06-08not yet calculatedCVE-2021-28293
MISC
MISC
sensepost -- gowitness
 
A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file.2021-06-09not yet calculatedCVE-2021-33359
MISC
MISC
sge-plc1000 -- sge-plc1000_firmware
 
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.2021-06-09not yet calculatedCVE-2021-33841
CONFIRM
sharp -- nec_displays
 
Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it) allows an attacker a buffer overflow and to execute remote code by sending long parameters that contains specific characters in http request.2021-06-07not yet calculatedCVE-2021-20699
MISC
sharp -- nec_displays
 
Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request.2021-06-07not yet calculatedCVE-2021-20698
MISC
siemens -- mendix_saml_module
 
A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges.2021-06-08not yet calculatedCVE-2021-33712
MISC
siemens -- solid_edge
 
The jutil.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the end of an allocation structure. An attacker could leverage this vulnerability to execute code in the context of the current process.2021-06-08not yet calculatedCVE-2021-31343
MISC
siemens -- solid_edge
 
The ugeom2d.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.2021-06-08not yet calculatedCVE-2021-31342
MISC
silverstripe -- csscontentparser
 
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]).2021-06-08not yet calculatedCVE-2020-25817
CONFIRM
MISC
MISC
MISC
silverstripe -- formfield
 
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.2021-06-08not yet calculatedCVE-2020-26138
CONFIRM
MISC
MISC
MISC
silverstripe -- graphql
 
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.2021-06-08not yet calculatedCVE-2020-26136
MISC
MISC
MISC
MISC
simatic -- simatic
 
A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions), SIMATIC RF615R (All versions > V3.0), SIMATIC RF680R (All versions > V3.0), SIMATIC RF685R (All versions > V3.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.2021-06-08not yet calculatedCVE-2021-31340
MISC
simcenter -- femap
 
A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27399. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12819)2021-06-08not yet calculatedCVE-2021-27387
MISC
simcenter -- femap
 
A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27387. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12820)2021-06-08not yet calculatedCVE-2021-27399
MISC
smartstream -- transaction_lifecycle_management_reconciliation_premium
 
SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0.2021-06-10not yet calculatedCVE-2020-24662
MISC
MISC
squid -- squid
 
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.2021-06-08not yet calculatedCVE-2021-31807
MISC
MISC
FEDORA
FEDORA
MLIST
suse -- linux_enterprise_server
 
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.2021-06-10not yet calculatedCVE-2021-31998
CONFIRM
suse -- opensuse
 
a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions.2021-06-10not yet calculatedCVE-2021-31997
CONFIRM
tencent -- gameloop
 
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine.2021-06-06not yet calculatedCVE-2021-33879
MISC
MISC
thefuck -- thefuck
 
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.2021-06-10not yet calculatedCVE-2021-34363
MISC
MISC
MISC
thycotic -- password_reset_server
 
Thycotic Password Reset Server before 5.3.0 allows credential disclosure.2021-06-11not yet calculatedCVE-2021-34679
MISC
tiangolo -- fastapi
 
FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json). A request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted. Requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. The browser will execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application. This is fixed in FastAPI 0.65.2. The request data is now parsed as JSON only if the content-type header is application/json or another JSON compatible media type like application/geo+json. It's best to upgrade to the latest FastAPI, but if updating is not possible then a middleware or a dependency that checks the content-type header and aborts the request if it is not application/json or another JSON compatible content type can act as a mitigating workaround.2021-06-09not yet calculatedCVE-2021-32677
MISC
CONFIRM
tigera -- tigera
 
** DISPUTED ** BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera’s area of responsibility; however, Tigera disagrees.2021-06-04not yet calculatedCVE-2021-26928
MISC
tp-link -- tp-link_builds
 
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with.2021-06-10not yet calculatedCVE-2021-31659
MISC
MISC
tp-link -- tp-link_builds
 
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased.2021-06-10not yet calculatedCVE-2021-31658
MISC
MISC
ubuntu -- ubuntuThere is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23306
CONFIRM
ubuntu -- ubuntuIt was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.2021-06-12not yet calculatedCVE-2021-32548
MISC
ubuntu -- ubuntuThere is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23312
CONFIRM
ubuntu -- ubuntuThere is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23323
CONFIRM
ubuntu -- ubuntuIt was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.2021-06-12not yet calculatedCVE-2021-32547
MISC
ubuntu -- ubuntuThere is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23320
CONFIRM
ubuntu -- ubuntu

 

Prototype pollution vulnerability in ‘set-getter’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.2021-06-10not yet calculatedCVE-2021-25949
MISC
MISC
ubuntu -- ubuntu

 

Prototype pollution vulnerability in ‘expand-hash’ versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.2021-06-10not yet calculatedCVE-2021-25948
MISC
MISC
ubuntu -- ubuntu

 

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.2021-06-11not yet calculatedCVE-2021-25684
MISC
ubuntu -- ubuntu
 
There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23321
CONFIRM
ubuntu -- ubuntu
 
There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23319
CONFIRM
ubuntu -- ubuntu
 
There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23322
CONFIRM
ubuntu -- ubuntu
 
There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23314
CONFIRM
ubuntu -- ubuntu
 
There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23310
CONFIRM
ubuntu -- ubuntu
 
There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.02021-06-10not yet calculatedCVE-2020-23313
CONFIRM
ubuntu -- ubuntu
 
There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23309
CONFIRM
ubuntu -- ubuntu
 
There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23308
CONFIRM
ubuntu -- ubuntu
 
There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23311
CONFIRM
ubuntu -- ubuntu
 
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.2021-06-12not yet calculatedCVE-2021-32553
MISC
ubuntu -- ubuntu
 
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.2021-06-12not yet calculatedCVE-2021-32552
MISC
ubuntu -- ubuntu
 
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.2021-06-12not yet calculatedCVE-2021-32551
MISC
ubuntu -- ubuntu
 
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.2021-06-12not yet calculatedCVE-2021-32550
MISC
ubuntu -- ubuntu
 
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.2021-06-12not yet calculatedCVE-2021-32554
MISC
ubuntu -- ubuntu
 
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.2021-06-12not yet calculatedCVE-2021-32555
MISC
ubuntu -- ubuntu
 
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.2021-06-12not yet calculatedCVE-2021-32556
MISC
ubuntu -- ubuntu
 
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.2021-06-12not yet calculatedCVE-2021-32557
MISC
ubuntu -- ubuntu
 
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.2021-06-12not yet calculatedCVE-2021-32549
MISC
ubuntu -- ubuntu
 
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.2021-06-11not yet calculatedCVE-2021-25682
MISC
ubuntu -- ubuntu
 
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.2021-06-11not yet calculatedCVE-2021-25683
MISC
ubuntu -- ubuntu
 
There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.02021-06-10not yet calculatedCVE-2020-23302
CONFIRM
ubuntu -- ubuntu
 
There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0.2021-06-10not yet calculatedCVE-2020-23303
CONFIRM
unix -- symbolic_link
 
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.2021-06-10not yet calculatedCVE-2021-25322
CONFIRM
vembu -- bdr_suite

 

Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execution by placing a command in a GET request (issue 2 of 2).2021-06-08not yet calculatedCVE-2021-26472
MISC
MISC
MISC
MISC
MISC
vembu -- bdr_suite
 
Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execution by placing a command in a GET request (issue 1 of 2).2021-06-08not yet calculatedCVE-2021-26471
MISC
MISC
MISC
MISC
MISC
vembu -- bdr_suite
 
Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a GET request that specifies a file's name and content.2021-06-08not yet calculatedCVE-2021-26473
MISC
MISC
MISC
MISC
MISC
vembu -- bdr_suite
 
Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a GET request that specifies a hostname and port number.2021-06-08not yet calculatedCVE-2021-26474
MISC
MISC
MISC
MISC
MISC
vernemq_mqtt_broker -- vernemq_mqtt_broker
 
VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.2021-06-08not yet calculatedCVE-2021-33176
MISC
welch_allyn -- multiple_devices
 
The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00).2021-06-11not yet calculatedCVE-2021-27408
MISC
welch_allyn -- multiple_products
 
The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00).2021-06-11not yet calculatedCVE-2021-27410
MISC
werkzeug -- werkzeug
 
This affects the package Flask-Unchained before 0.9.0. When using the the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False.2021-06-11not yet calculatedCVE-2021-23393
MISC
MISC
western_digital -- edgerover
 
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.2021-06-11not yet calculatedCVE-2021-33205
CONFIRM
whatsapp -- business
 
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.2021-06-11not yet calculatedCVE-2021-24035
CONFIRM
windows -- mshtml_platform
 
Windows MSHTML Platform Remote Code Execution Vulnerability2021-06-08not yet calculatedCVE-2021-33742
MISC
wordpress -- wordpress
 
The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and administrator users2021-06-07not yet calculatedCVE-2021-24336
MISC
CONFIRM
wordpress -- wordpress
 
The Easy Preloader WordPress plugin through 1.0.0 does not sanitise its setting fields, leading to authenticated (admin+) Stored Cross-Site scripting issues2021-06-07not yet calculatedCVE-2021-24344
CONFIRM
wordpress -- wordpress
 
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones.2021-06-07not yet calculatedCVE-2021-24340
CONFIRM
MISC
wordpress -- wordpress
 
The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection.2021-06-07not yet calculatedCVE-2021-24337
MISC
CONFIRM
wowonder -- wowonder
 
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.2021-06-11not yet calculatedCVE-2021-27200
MISC
MISC
MISC
wp-cli -- wp-cli
 
WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI itself. The vulnerability stems from the fact that the default behavior of `WP_CLI\Utils\http_request()` when encountering a TLS handshake error is to disable certificate validation and retry the same request. The default behavior has been changed with version 2.5.0 of WP-CLI and the `wp-cli/wp-cli` framework (via https://github.com/wp-cli/wp-cli/pull/5523) so that the `WP_CLI\Utils\http_request()` method accepts an `$insecure` option that is `false` by default and consequently that a TLS handshake failure is a hard error by default. This new default is a breaking change and ripples through to all consumers of `WP_CLI\Utils\http_request()`, including those in separate WP-CLI bundled or third-party packages. https://github.com/wp-cli/wp-cli/pull/5523 has also added an `--insecure` flag to the `cli update` command to counter this breaking change. There is no direct workaround for the default insecure behavior of `wp-cli/wp-cli` versions before 2.5.0. The workaround for dealing with the breaking change in the commands directly affected by the new secure default behavior is to add the `--insecure` flag to manually opt-in to the previous insecure behavior.2021-06-07not yet calculatedCVE-2021-29504
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
xen -- xen
 
HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of them. When the "soft reset" feature was implemented, the libxl__domain_suspend_state structure didn't require any initialization or disposal. At some point later, an initialization function was introduced for the structure; but the "soft reset" path wasn't refactored to call the initialization function. When a guest nwo initiates a "soft reboot", uninitialized data structure leads to an assert() when later code finds the structure in an unexpected state. The effect of this is to crash the process monitoring the guest. How this affects the system depends on the structure of the toolstack. For xl, this will have no security-relevant effect: every VM has its own independent monitoring process, which contains no state. The domain in question will hang in a crashed state, but can be destroyed by `xl destroy` just like any other non-cooperating domain. For daemon-based toolstacks linked against libxl, such as libvirt, this will crash the toolstack, losing the state of any in-progress operations (localized DoS), and preventing further administrator operations unless the daemon is configured to restart automatically (system-wide DoS). If crashes "leak" resources, then repeated crashes could use up resources, also causing a system-wide DoS.2021-06-11not yet calculatedCVE-2021-28687
MISC
xen -- xen
 
x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to virtualization. In AMD64, Xen had to use a different implementation approach, so Xen does not use ring 1 to support 64-bit guests. With the focus now being on 64-bit systems, and the availability of explicit hardware support for virtualization, fixing speculation issues in ring 1 is not a priority for processor companies. Indirect Branch Restricted Speculation (IBRS) is an architectural x86 extension put together to combat speculative execution sidechannel attacks, including Spectre v2. It was retrofitted in microcode to existing CPUs. For more details on Spectre v2, see: http://xenbits.xen.org/xsa/advisory-254.html However, IBRS does not architecturally protect ring 0 from predictions learnt in ring 1. For more details, see: https://software.intel.com/security-software-guidance/deep-dives/deep-dive-indirect-branch-restricted-speculation Similar situations may exist with other mitigations for other kinds of speculative execution attacks. The situation is quite likely to be similar for speculative execution attacks which have yet to be discovered, disclosed, or mitigated.2021-06-11not yet calculatedCVE-2021-28689
MISC
xscreensaver -- xscreensaver
 
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.2021-06-10not yet calculatedCVE-2021-34557
MISC
MISC
MISC
MISC
MLIST
z-blogphp -- z-blogphp
 
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."2021-06-07not yet calculatedCVE-2020-18268
MISC
MISC
zoho_manageengine -- key_manager_plus
 
Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.2021-06-07not yet calculatedCVE-2021-28382
MISC
MISC
zope_foundation -- zope
 
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.21 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.2021-06-08not yet calculatedCVE-2021-32674
CONFIRM
MISC
MISC
MISC
zte -- zte
 
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.2021-06-10not yet calculatedCVE-2021-21735
MISC
zte -- zte
 
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E2021-06-10not yet calculatedCVE-2021-21736
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.