Vulnerability Summary for the Week of February 8, 2021CISA All NCAS Products

Original release date: February 15, 2021

High Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

adobe — acrobat
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
9.3
CVE-2021-21044
MISC

adobe — acrobat
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user.
2021-02-11
9.3
CVE-2021-21045
MISC

advantech — iview
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to ‘Administrator’.
2021-02-11
7.5
CVE-2021-22658
MISC
MISC

asus — rt-ax3000_firmware
Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.
2021-02-05
7.8
CVE-2021-3229
MISC
MISC
MISC

carrierwave_project — carrierwave
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The “#manipulate!” method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.
2021-02-08
7.5
CVE-2021-21305
MISC
MISC
MISC
CONFIRM
MISC

college_management_system_project — college_management_system
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters ‘unametxt’ and ‘pwdtxt’, which are not filtered before passing a SQL query.
2021-02-08
7.5
CVE-2020-26051
MISC

dell — emc_powerscale_onefs
Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a “use of SSH key past account expiration” vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.
2021-02-09
7.5
CVE-2021-21502
MISC

dell — emc_powerscale_onefs
Dell EMC PowerScale OneFS versions 8.1.0 – 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application.
2021-02-09
7.2
CVE-2020-26193
MISC

dynamoosejs — dynamoose
Dynamoose is an open-source modeling tool for Amazon’s DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method “lib/utils/object/set.ts”. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability.
2021-02-08
7.5
CVE-2021-21304
MISC
MISC
CONFIRM
MISC

elecom — wrc-300febk-s_firmware
ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
2021-02-12
7.7
CVE-2021-20648
MISC
MISC

epikur — epikur
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password’s MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a “Backdoor Password” of 3p1kursupport). If the submitted password matches either one, access is granted.
2021-02-05
7.5
CVE-2020-10539
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP.
2021-02-10
7.5
CVE-2021-27145
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP.
2021-02-10
7.5
CVE-2021-27147
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP.
2021-02-10
7.5
CVE-2021-27148
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP.
2021-02-10
7.5
CVE-2021-27149
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP.
2021-02-10
7.5
CVE-2021-27146
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP.
2021-02-10
7.5
CVE-2021-27151
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP.
2021-02-10
7.5
CVE-2021-27152
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP.
2021-02-10
7.5
CVE-2021-27153
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP.
2021-02-10
7.5
CVE-2021-27154
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP.
2021-02-10
7.5
CVE-2021-27155
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface.
2021-02-10
7.5
CVE-2021-27156
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP.
2021-02-10
7.5
CVE-2021-27157
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP.
2021-02-10
7.5
CVE-2021-27158
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP.
2021-02-10
7.5
CVE-2021-27159
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP.
2021-02-10
7.5
CVE-2021-27160
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP.
2021-02-10
7.5
CVE-2021-27161
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP.
2021-02-10
7.5
CVE-2021-27162
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP.
2021-02-10
7.5
CVE-2021-27163
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP.
2021-02-10
7.5
CVE-2021-27150
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP.
2021-02-10
7.5
CVE-2021-27164
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server.
2021-02-10
7.5
CVE-2021-27177
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell).
2021-02-10
10
CVE-2021-27171
MISC

fortinet — fortiisolator
An insufficient session expiration vulnerability in FortiNet’s FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
2021-02-08
7.5
CVE-2020-6649
CONFIRM

genivia — gsoap
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
2021-02-10
7.5
CVE-2020-13576
MISC

gitlog_project — gitlog
The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.
2021-02-08
7.5
CVE-2021-26541
MISC
MISC

google — android
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525
2021-02-10
10
CVE-2021-0326
MISC

google — android
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-155287782
2021-02-10
9.3
CVE-2021-0302
MISC

google — android
In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-174238784
2021-02-10
9.3
CVE-2021-0325
MISC

google — android
In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-163358811
2021-02-10
7.2
CVE-2021-0334
MISC

google — android
In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134155286
2021-02-10
9.3
CVE-2021-0340
MISC

google — android
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687
2021-02-10
9.3
CVE-2021-0339
MISC

google — android
In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-169256435
2021-02-10
7.2
CVE-2021-0332
MISC

google — android
In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-158219161
2021-02-10
7.2
CVE-2021-0336
MISC

google — android
In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441
2021-02-10
7.2
CVE-2021-0330
MISC

google — android
In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172670415
2021-02-10
7.2
CVE-2021-0328
MISC

google — android
In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-171400004
2021-02-10
7.2
CVE-2021-0329
MISC

google — android
In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195
2021-02-10
7.2
CVE-2021-0337
MISC

google — android
In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-172935267
2021-02-10
7.2
CVE-2021-0327
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.
2021-02-08
7.2
CVE-2021-25142
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.
2021-02-08
7.2
CVE-2021-25171
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.
2021-02-08
7.2
CVE-2021-25172
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.
2021-02-08
7.2
CVE-2021-25169
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.
2021-02-08
7.2
CVE-2021-26570
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
2021-02-08
7.2
CVE-2021-26571
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
2021-02-08
7.2
CVE-2021-26572
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function.
2021-02-08
7.2
CVE-2021-26573
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.
2021-02-08
7.2
CVE-2021-26574
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.
2021-02-08
7.2
CVE-2021-26575
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.
2021-02-08
7.2
CVE-2021-26576
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.
2021-02-08
7.2
CVE-2021-25170
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.
2021-02-08
7.2
CVE-2021-25168
MISC

hpe — baseboard_management_controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.
2021-02-08
7.2
CVE-2021-26577
MISC

huawei — ecns280_firmware
There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.
2021-02-06
7.8
CVE-2021-22292
CONFIRM

logitec — lan-w300n/pgrb_firmware
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.
2021-02-12
7.7
CVE-2021-20638
MISC
MISC

logitec — lan-w300n/pgrb_firmware
Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.
2021-02-12
7.7
CVE-2021-20640
MISC
MISC

macfromip_project — macfromip
This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js.
2021-02-08
7.5
CVE-2020-7786
MISC
MISC

microfocus — operation_bridge_reporter
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
2021-02-08
10
CVE-2021-22502
MISC
MISC
MISC

ncr — command_center_agent
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor’s position is that exploitation occurs only on devices with a certain “misconfiguration.”
2021-02-07
10
CVE-2021-3122
MISC
MISC
MISC

netmotionsoftware — netmotion_mobility
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.
2021-02-08
10
CVE-2021-26914
MISC
MISC
MISC

netmotionsoftware — netmotion_mobility
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.
2021-02-08
10
CVE-2021-26913
MISC
MISC
MISC

netmotionsoftware — netmotion_mobility
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.
2021-02-08
10
CVE-2021-26915
MISC
MISC
MISC

netmotionsoftware — netmotion_mobility
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.
2021-02-08
10
CVE-2021-26912
MISC
MISC
MISC

node-ps_project — node-ps
This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.
2021-02-08
7.5
CVE-2020-7785
MISC
MISC
MISC

open-emr — openemr
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.
2021-02-07
9
CVE-2020-36243
MISC
MISC

panasonic — video_insight_vms
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.
2021-02-05
10
CVE-2021-20623
MISC
MISC

phpok — phpok
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.
2021-02-08
7.5
CVE-2020-16629
MISC

set-or-get_project — set-or-get
Prototype pollution vulnerability in ‘set-or-get’ version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.
2021-02-08
7.5
CVE-2021-25913
MISC
MISC

siemens — digsi_4
A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM.
2021-02-09
7.2
CVE-2020-25245
MISC
MISC

siemens — simatic_hmi_comfort_panels_firmware
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)
2021-02-09
9.3
CVE-2020-15798
MISC
MISC

siemens — simatic_process_control_system_neo
A vulnerability has been identified in PCS neo (Administration Console) (V3.0), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.
2021-02-09
7.2
CVE-2020-25238
MISC
MISC
CERT-VN

spritesheet-js_project — spritesheet-js
This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package.
2021-02-08
7.5
CVE-2020-7782
MISC
MISC
MISC

svakom — siime_eye_firmware
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device’s services are running as root).
2021-02-08
10
CVE-2020-11920
MISC

wavlink — wn575a4_firmware
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
2021-02-09
10
CVE-2020-13117
MISC

wpdatatables — wpdatatables
wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.
2021-02-08
10
CVE-2021-26754
MISC
MISC
MISC

zulip — zulip_desktop
Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
2021-02-05
7.5
CVE-2020-10857
CONFIRM

zzzcms — zzzphp
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.
2021-02-05
7.5
CVE-2020-18717
MISC

Medium Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

1password — scim_bridge
1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.
2021-02-08
4
CVE-2021-26905
MISC
CONFIRM

adminer — adminer
Adminer through 4.7.8 allows XSS via the history parameter to the default URI.
2021-02-09
4.3
CVE-2020-35572
MISC
MISC

adobe — acrobat
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
6.8
CVE-2021-21017
MISC

adobe — acrobat
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
6.8
CVE-2021-21028
MISC

adobe — acrobat
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
6.8
CVE-2021-21036
MISC

adobe — acrobat
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
6.8
CVE-2021-21037
MISC

adobe — acrobat
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
6.8
CVE-2021-21041
MISC

adobe — acrobat
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
4.3
CVE-2021-21034
MISC

adobe — acrobat
Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
4.3
CVE-2021-21061
MISC

adobe — acrobat
Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
4.3
CVE-2021-21060
MISC

adobe — acrobat
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
4.3
CVE-2021-21057
MISC

adobe — acrobat
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
4.3
CVE-2021-21046
MISC

adobe — acrobat
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
4.3
CVE-2021-21042
MISC

advantech — iview
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.
2021-02-11
5
CVE-2021-22656
MISC
MISC

advantech — iview
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
2021-02-11
5
CVE-2021-22654
MISC
MISC
MISC

apache — activemq
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.
2021-02-08
4.3
CVE-2020-13947
MISC
MLIST
MLIST
MLIST

apostrophecms — sanitize-html
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the “allowedIframeHostnames” option.
2021-02-08
5
CVE-2021-26539
MISC
MISC

apostrophecms — sanitize-html
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the “allowedIframeHostnames” option when the “allowIframeRelativeUrls” is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with “/\example.com”.
2021-02-08
5
CVE-2021-26540
MISC
MISC

b2evolution — b2evolution
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.
2021-02-09
5.8
CVE-2020-22840
MISC
MISC
MISC

b2evolution — b2evolution_cms
Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.
2021-02-09
4.3
CVE-2020-22839
MISC
MISC
MISC

carrierwave_project — carrierwave
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
2021-02-08
4
CVE-2021-21288
MISC
MISC
MISC
CONFIRM
MISC

cesanta — mongoose
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
2021-02-08
6.4
CVE-2021-26528
MISC

cesanta — mongoose
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
2021-02-08
6.4
CVE-2021-26529
MISC

cesanta — mongoose
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
2021-02-08
6.4
CVE-2021-26530
MISC

chainsafe — ethermint
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an “arbitrary mint token”.
2021-02-08
5
CVE-2021-25837
MISC

chainsafe — ethermint
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables “cross-chain transaction replay” attack.
2021-02-08
5
CVE-2021-25835
MISC
MISC

chainsafe — ethermint
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.
2021-02-08
5
CVE-2021-25834
MISC

chainsafe — ethermint
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contracts.
2021-02-08
5
CVE-2021-25836
MISC

cryptography_project — cryptography
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
2021-02-07
6.4
CVE-2020-36242
CONFIRM
CONFIRM
MISC
FEDORA

dell — emc_powerscale_onefs
Dell EMC PowerScale OneFS versions 8.2.0 – 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default.
2021-02-09
4.6
CVE-2020-26192
MISC

dell — emc_powerscale_onefs
Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.
2021-02-09
5
CVE-2020-26195
MISC

dell — emc_powerscale_onefs
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default.
2021-02-09
4.6
CVE-2020-26194
MISC

dell — emc_powerscale_onefs
Dell EMC PowerScale OneFS versions 8.1.0 – 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.
2021-02-09
4.6
CVE-2020-26191
MISC

elecom — wrc-300febk-a_firmware
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
2021-02-12
4.3
CVE-2021-20646
MISC
MISC

elecom — wrc-300febk-a_firmware
Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.
2021-02-12
4.3
CVE-2021-20645
MISC
MISC

elecom — wrc-300febk-s_firmware
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
2021-02-12
4.3
CVE-2021-20647
MISC
MISC

elecom — wrc-300febk-s_firmware
ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.
2021-02-12
5.8
CVE-2021-20649
MISC
MISC

electriccoin — zcashd
In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim’s address and an IP address, aka a timing side channel.
2021-02-05
5
CVE-2020-8807
MISC

electriccoin — zcashd
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced.
2021-02-05
5
CVE-2020-8806
MISC

emlog — emlog
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.
2021-02-08
5
CVE-2021-3293
MISC
MISC

epikur — epikur
An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account.
2021-02-05
4.6
CVE-2020-10537
MISC

ezxml_project — ezxml
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
2021-02-08
5.8
CVE-2021-26220
MISC

ezxml_project — ezxml
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
2021-02-08
5.8
CVE-2021-26221
MISC

ezxml_project — ezxml
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
2021-02-08
5.8
CVE-2021-26222
MISC

fedoraproject — fedora
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.
2021-02-06
4.3
CVE-2020-14312
MISC

fiberhome — an5506-04-fa_firmware
An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account.
2021-02-10
5
CVE-2021-27169
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.
2021-02-10
5
CVE-2021-27170
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh.
2021-02-10
5
CVE-2021-27172
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow an attacker to reach the telnet server (used for the CLI).
2021-02-10
5
CVE-2021-27173
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so.
2021-02-10
5
CVE-2021-27167
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account.
2021-02-10
5
CVE-2021-27168
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions.
2021-02-10
5
CVE-2021-27176
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon.
2021-02-10
5
CVE-2021-27166
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials.
2021-02-10
5
CVE-2021-27165
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP.
2021-02-10
5
CVE-2021-27144
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.
2021-02-10
5
CVE-2021-27143
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions.
2021-02-10
5
CVE-2021-27142
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.)
2021-02-10
5
CVE-2021-27141
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.
2021-02-10
5
CVE-2021-27140
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp.
2021-02-10
5
CVE-2021-27139
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions.
2021-02-10
5
CVE-2021-27175
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions.
2021-02-10
5
CVE-2021-27174
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string.
2021-02-10
5
CVE-2021-27179
MISC

fiberhome — hg6245d_firmware
An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram.
2021-02-10
5
CVE-2021-27178
MISC

flowpaper — pdf2json
Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file.
2021-02-05
4.6
CVE-2020-18750
CONFIRM
MISC

fortinet — fortiweb
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.
2021-02-08
4.3
CVE-2021-22122
CONFIRM

foxitsoftware — foxit_reader
In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
2021-02-10
6.8
CVE-2020-13548
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11192.
2021-02-09
6.8
CVE-2020-17419
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11334.
2021-02-09
6.8
CVE-2020-17427
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11230.
2021-02-09
6.8
CVE-2020-17426
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11259.
2021-02-09
6.8
CVE-2020-17425
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11247.
2021-02-09
6.8
CVE-2020-17424
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ARW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11196.
2021-02-09
6.8
CVE-2020-17423
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11488.
2021-02-09
6.8
CVE-2020-27857
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11434.
2021-02-09
6.8
CVE-2020-27856
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11433.
2021-02-09
6.8
CVE-2020-27855
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11432.
2021-02-09
6.8
CVE-2020-17436
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZIX files. A crafted id in a channel element can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11197.
2021-02-09
6.8
CVE-2020-17418
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11332.
2021-02-09
6.8
CVE-2020-17430
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11337.
2021-02-09
4.3
CVE-2020-17429
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11333.
2021-02-09
6.8
CVE-2020-17431
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11336.
2021-02-09
4.3
CVE-2020-17428
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11356.
2021-02-09
6.8
CVE-2020-17433
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11357.
2021-02-09
6.8
CVE-2020-17434
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11195.
2021-02-09
4.3
CVE-2020-17422
MISC
MISC

foxitsoftware — foxit_studio_photo
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11193.
2021-02-09
4.3
CVE-2020-17420
MISC
MISC

fusioncharts — apexcharts
The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields.
2021-02-09
4.3
CVE-2021-23327
CONFIRM
CONFIRM
CONFIRM
CONFIRM

genivia — gsoap
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
2021-02-10
5
CVE-2020-13578
MISC

genivia — gsoap
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
2021-02-10
5
CVE-2020-13575
MISC

gitea — gitea
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.
2021-02-05
5
CVE-2021-3382
MISC

godotengine — godot_engine
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.
2021-02-08
6.8
CVE-2021-26825
MISC
MISC

godotengine — godot_engine
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.
2021-02-08
6.8
CVE-2021-26826
MISC
MISC

google — android
In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-168504491
2021-02-10
6.9
CVE-2021-0333
MISC

google — android
In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156260178
2021-02-10
4.9
CVE-2021-0338
MISC

google — android
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-170731783
2021-02-10
6.9
CVE-2021-0331
MISC

google — android
In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160346309
2021-02-10
4.3
CVE-2021-0335
MISC

google — android
In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-171221302
2021-02-10
6.9
CVE-2021-0314
MISC

google — android
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069
2021-02-10
5
CVE-2021-0341
MISC

google — chrome
Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-02-09
6.8
CVE-2021-21128
MISC
MISC

google — chrome
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.
2021-02-09
6.8
CVE-2021-21127
MISC
MISC

google — chrome
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
2021-02-09
6.8
CVE-2021-21118
MISC
MISC

google — chrome
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
2021-02-09
6.8
CVE-2021-21119
MISC
MISC

google — chrome
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-02-09
6.8
CVE-2021-21120
MISC
MISC

google — chrome
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
2021-02-09
6.8
CVE-2021-21121
MISC
MISC

google — chrome
Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-02-09
6.8
CVE-2021-21122
MISC
MISC

google — chrome
Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
2021-02-09
6.8
CVE-2021-21124
MISC
MISC

google — chrome
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
2021-02-09
6.8
CVE-2021-21132
MISC
MISC

google — chrome
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
2021-02-09
6.8
CVE-2020-16044
MISC
MISC

google — chrome
Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.
2021-02-09
6.8
CVE-2021-21138
MISC
MISC

google — chrome
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.
2021-02-09
4.6
CVE-2021-21140
MISC
MISC

google — chrome
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-02-09
6.8
CVE-2021-21148
MISC
MISC
FEDORA

google — chrome
Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
2021-02-09
6.8
CVE-2021-21142
MISC
MISC
FEDORA

google — chrome
Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
2021-02-09
6.8
CVE-2021-21143
MISC
MISC
FEDORA

google — chrome
Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
2021-02-09
6.8
CVE-2021-21146
MISC
MISC
FEDORA

google — chrome
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
2021-02-09
5.8
CVE-2021-21125
MISC
MISC

google — chrome
Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
2021-02-09
6.8
CVE-2021-21144
MISC
MISC
FEDORA

google — chrome
Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-02-09
6.8
CVE-2021-21145
MISC
MISC
FEDORA

google — chrome
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
2021-02-09
6.9
CVE-2021-21117
MISC
MISC

google — chrome
Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
2021-02-09
4.3
CVE-2021-21147
MISC
MISC
FEDORA

google — chrome
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
2021-02-09
4.3
CVE-2021-21141
MISC
MISC

google — chrome
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
2021-02-09
4.3
CVE-2021-21139
MISC
MISC

google — chrome
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
2021-02-09
4.3
CVE-2021-21137
MISC
MISC

google — chrome
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
2021-02-09
4.3
CVE-2021-21136
MISC
MISC

google — chrome
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
2021-02-09
4.3
CVE-2021-21135
MISC
MISC

google — chrome
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
2021-02-09
4.3
CVE-2021-21134
MISC
MISC

google — chrome
Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.
2021-02-09
4.3
CVE-2021-21133
MISC
MISC

google — chrome
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
2021-02-09
4.3
CVE-2021-21131
MISC
MISC

google — chrome
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
2021-02-09
4.3
CVE-2021-21126
MISC
MISC

google — chrome
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
2021-02-09
4.3
CVE-2021-21123
MISC
MISC

gradle — enterprise_test_distribution_agent
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor (with certain credentials) can perform a registration step such that crafted TAR archives lead to extraction of files into arbitrary filesystem locations.
2021-02-09
5.5
CVE-2021-26719
MISC

helm — helm
Helm is open-source software which is essentially “The Kubernetes Package Manager”. Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used “as is” without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.
2021-02-05
4
CVE-2021-21303
MISC
MISC
CONFIRM

httplib2_project — httplib2
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of “xa0” characters in the “www-authenticate” header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.
2021-02-08
5
CVE-2021-21240
MISC
MISC
CONFIRM
MISC

huawei — ais-bw80h-00_firmware
There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package’s integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).
2021-02-06
4.6
CVE-2020-9118
CONFIRM

huawei — campusinsight
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).
2021-02-06
5
CVE-2021-22293
CONFIRM

huawei — imaster_mae-m
There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.
2021-02-06
4.6
CVE-2021-22299
CONFIRM

huawei — manageone
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
2021-02-06
4
CVE-2021-22298
CONFIRM

huawei — manageone
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
2021-02-06
4
CVE-2020-9205
CONFIRM

huawei — mate_30_firmware
Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow.
2021-02-06
4.6
CVE-2021-22301
CONFIRM

huawei — taurus-al00a_firmware
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service.
2021-02-06
4.3
CVE-2021-22303
CONFIRM

ibm — cloud_pak_for_automation
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 – Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.
2021-02-08
4
CVE-2021-20359
XF
CONFIRM

ibm — cloud_pak_for_automation
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.
2021-02-08
4
CVE-2021-20358
XF
CONFIRM

ibm — security_identity_governance_and_intelligence
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446.
2021-02-09
6.4
CVE-2020-4795
XF
CONFIRM

ibm — security_identity_governance_and_intelligence
IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users’ session. IBM X-Force ID: 192912.
2021-02-09
5
CVE-2020-4995
XF
CONFIRM

ibm — security_verify_information_queue
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078.
2021-02-11
5
CVE-2021-20404
XF
CONFIRM

ibm — security_verify_information_queue
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183.
2021-02-11
5
CVE-2021-20405
XF
CONFIRM

ibm — security_verify_information_queue
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 198185.
2021-02-12
5
CVE-2021-20407
XF
CONFIRM

ibm — security_verify_information_queue
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 198188.
2021-02-12
5
CVE-2021-20409
XF
CONFIRM

ibm — security_verify_information_queue
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
2021-02-11
6.8
CVE-2021-20403
XF
CONFIRM

ibm — security_verify_information_queue
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 198184.
2021-02-12
4
CVE-2021-20406
XF
CONFIRM

ibm — security_verify_information_queue
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196076.
2021-02-11
4
CVE-2021-20402
XF
CONFIRM

ibm — security_verify_information_queue
IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192.
2021-02-12
5
CVE-2021-20412
XF
CONFIRM

ibm — security_verify_information_queue
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.
2021-02-12
4.8
CVE-2021-20411
XF
CONFIRM

ibm — spectrum_protect_plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.
2021-02-10
5
CVE-2020-5023
XF
CONFIRM

ibm — websphere_application_server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.
2021-02-10
6.4
CVE-2021-20353
XF
CONFIRM
MISC

imagely — nextgen_gallery
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)
2021-02-09
4.3
CVE-2020-35943
MISC

imagely — nextgen_gallery
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)
2021-02-09
6.8
CVE-2020-35942
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56.
2021-02-06
6.8
CVE-2021-20176
MISC

iobit — advanced_systemcare
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. DosDevicesAscRegistryFilter and DeviceAscRegistryFilter are affected.
2021-02-05
6.8
CVE-2020-10234
MISC
MISC
MISC

jenzabar — jenzabar
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
2021-02-06
4.3
CVE-2021-26723
MISC
MISC
MISC

librenms — librenms
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
2021-02-08
6.5
CVE-2020-35700
MISC
MISC
CONFIRM
CONFIRM
MISC

linkedin — oncall
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the “No results found for” message in the search bar.
2021-02-05
4.3
CVE-2021-26722
MISC

linux — linux_kernel
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
2021-02-05
6.9
CVE-2021-26708
MLIST
MISC
MISC
MISC

marked_project — marked
Marked is an open-source markdown parser and compiler (npm package “marked”). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.
2021-02-08
5
CVE-2021-21306
MISC
MISC
MISC
CONFIRM
MISC

maxpcsecure — max_spyware_detector
In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)
2021-02-05
4.6
CVE-2020-12122
MISC
MISC
MISC

mcafee — endpoint_security
A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial protection prior to this update.
2021-02-10
4.9
CVE-2021-23883
CONFIRM

mcafee — total_protection
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
2021-02-10
4.6
CVE-2021-23874
CONFIRM

microfocus — application_performance_management
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker’s choosing.
2021-02-06
4.3
CVE-2021-22500
CONFIRM

millewin — millewin
Millennium Millewin (also known as “Cartella clinica”) 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.
2021-02-09
6.5
CVE-2021-3394
MISC
MISC

ms3d_project — ms3d
An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read.
2021-02-09
5
CVE-2021-26952
MISC

name_directory_project — name_directory
Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
2021-02-05
6.8
CVE-2021-20652
MISC
MISC

nedi — nedi
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.
2021-02-12
6.5
CVE-2021-26753
MISC

nedi — nedi
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.
2021-02-12
4
CVE-2021-26751
MISC

nedi — nedi
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.
2021-02-12
6.5
CVE-2021-26752
MISC

nopcommerce — nopcommerce
In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter.
2021-02-08
4.3
CVE-2021-26916
MISC

octobercms — october
An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.
2021-02-05
6.8
CVE-2021-3311
CONFIRM
MISC

omron — cx-one
The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
2021-02-09
6.8
CVE-2020-27261
MISC
MISC
MISC

omron — cx-one
The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.
2021-02-09
6.8
CVE-2020-27259
MISC
MISC

omron — cx-one
This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices.
2021-02-09
6.8
CVE-2020-27257
MISC
MISC

opmantek — open-audit
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
2021-02-05
4.3
CVE-2021-3333
MISC

otrs — cis_in_customer_frontend
Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.
2021-02-08
4
CVE-2021-21436
CONFIRM

otrs — otrs
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
2021-02-08
4.3
CVE-2021-21435
CONFIRM

otrs — ticket_forms
When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects: OTRS AG OTRSTicketForms 6.0.x version 6.0.40 and prior versions; 7.0.x version 7.0.29 and prior versions; 8.0.x version 8.0.3 and prior versions.
2021-02-08
4
CVE-2020-1779
CONFIRM

phpshe — phpshe
Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.
2021-02-09
6.5
CVE-2020-18215
MISC
MISC

privateoctopus — picoquic
picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3.
2021-02-08
5
CVE-2020-24944
MISC

psyprax — psyprax
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.
2021-02-05
5
CVE-2020-10554
MISC

psyprax — psyprax
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.
2021-02-05
5.5
CVE-2020-10552
MISC

redwood — report2web
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
2021-02-05
4.3
CVE-2021-26710
MISC

redwood — report2web
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.
2021-02-05
5
CVE-2021-26711
MISC

sdgc — pnpscada
PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim’s browser.
2021-02-10
4.3
CVE-2020-24842
MISC

siemens — cscape
Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.
2021-02-09
6.8
CVE-2021-22663
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018)
2021-02-09
4.6
CVE-2020-27000
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041)
2021-02-09
4.6
CVE-2020-27001
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158)
2021-02-09
4.6
CVE-2020-27003
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178)
2021-02-09
4.6
CVE-2020-27005
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182)
2021-02-09
4.6
CVE-2020-27006
MISC

siemens — nucleus_net
A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2012.12). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.
2021-02-09
5
CVE-2020-28388
MISC

siemens — simaris_configuration
A vulnerability has been identified in SIMARIS configuration (All versions). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.
2021-02-09
4.6
CVE-2020-28392
MISC

sthttpd_project — sthttpd
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function.
2021-02-07
5
CVE-2021-26843
MISC

svakom — siime_eye_firmware
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device’s Wi-Fi access point.
2021-02-08
4.6
CVE-2020-11915
MISC

symonics — libmysofa
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 – 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
2021-02-08
4.3
CVE-2020-36148
MISC

symonics — libmysofa
Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 – 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
2021-02-08
4.3
CVE-2020-36149
MISC

symonics — libmysofa
Incorrect handling of input data in loudness function in the libmysofa library 0.5 – 1.1 will lead to heap buffer overflow and access to unallocated memory block.
2021-02-08
4.3
CVE-2020-36150
MISC

symonics — libmysofa
Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 – 1.1 will lead to heap buffer overflow and overwriting large memory block.
2021-02-08
4.3
CVE-2020-36151
MISC

symonics — libmysofa
Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 – 1.1 allows attackers to execute arbitrary code via a crafted SOFA.
2021-02-08
6.8
CVE-2020-36152
MISC

tenable — nessus_amazon_machine_image
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
2021-02-06
4.3
CVE-2020-5812
MISC

tipsandtricks-hq — wp_security_&_firewall
Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.
2021-02-10
4.3
CVE-2020-29171
CONFIRM
CONFIRM
MISC

tufin — securetrack
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA.
2021-02-09
6.8
CVE-2020-13460
MISC

tufin — securetrack
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 1 of 3)
2021-02-09
4.3
CVE-2020-13407
MISC

tufin — securetrack
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.
2021-02-09
5
CVE-2020-13462
MISC

typora — typora
An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.
2021-02-05
4.3
CVE-2020-18737
MISC

zohocorp — manageengine_applications_manager
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
2021-02-05
6.5
CVE-2020-35765
MISC
CONFIRM
CONFIRM
CONFIRM

zulip — zulip_desktop
Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.
2021-02-05
5
CVE-2020-10858
CONFIRM

Low Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

b2evolution — b2evolution
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
2021-02-09
3.5
CVE-2020-22841
MISC
MISC
MISC

casap_automated_enrollment_system_project — casap_automated_enrollment_system
CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.
2021-02-09
3.5
CVE-2021-3294
MISC
MISC
MISC

dell — emc_powerscale_onefs
Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location.
2021-02-09
2.1
CVE-2020-26196
MISC

epikur — epikur
An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.
2021-02-05
2.1
CVE-2020-10538
MISC

epson — iprojection
In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. DeviceEMPNSAUIO and DosDevicesEMPNSAU are similarly affected.
2021-02-05
2.1
CVE-2020-9014
MISC
MISC
MISC

epson — iprojection
In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects DeviceEMPMPAUIO and DosDevicesEMPMPAU.
2021-02-05
2.1
CVE-2020-9453
MISC
MISC
MISC

gnome — control_center
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
2021-02-08
2.1
CVE-2020-14391
MISC

gnome — gnome-autoar
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file’s parent is a symlink to a directory outside of the intended extraction location.
2021-02-05
2.1
CVE-2020-36241
MISC
MISC

google — android
OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.
2021-02-06
2.1
CVE-2020-11836
MISC

henriquedornas — henriquedornas
A stored XSS issue exists in henriquedornas 5.2.17 via online live chat.
2021-02-10
3.5
CVE-2021-26938
MISC

huawei — ecns280_td_firmware
There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.
2021-02-06
1.9
CVE-2021-22300
CONFIRM

huawei — mate_30_firmware
There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service.
2021-02-06
2.1
CVE-2021-22305
CONFIRM

huawei — mate_30_firmware
There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service.
2021-02-06
2.1
CVE-2021-22306
CONFIRM

huawei — mate_30_firmware
There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module.
2021-02-06
2.1
CVE-2021-22307
CONFIRM

huawei — taurus-al00a_firmware
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.
2021-02-06
2.1
CVE-2021-22304
CONFIRM

huawei — taurus-al00a_firmware
There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service.
2021-02-06
3.6
CVE-2021-22302
MISC

ibm — business_automation_workflow
IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188907.
2021-02-11
3.5
CVE-2020-4768
XF
CONFIRM

ibm — powerha
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.
2021-02-05
2.1
CVE-2020-4832
XF
CONFIRM

ibm — security_identity_governance_and_intelligence
IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913.
2021-02-09
2.1
CVE-2020-4996
XF
CONFIRM

ibm — security_identity_governance_and_intelligence
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379.
2021-02-09
1.8
CVE-2020-4791
XF
CONFIRM

ibm — security_identity_governance_and_intelligence
IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375.
2021-02-09
3.3
CVE-2020-4790
XF
CONFIRM

ibm — security_verify_information_queue
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.
2021-02-12
2.1
CVE-2021-20408
XF
CONFIRM

ibm — security_verify_information_queue
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.
2021-02-12
3.5
CVE-2021-20410
XF
CONFIRM

mcafee — endpoint_security
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.
2021-02-10
3.5
CVE-2021-23881
CONFIRM

mcafee — endpoint_security
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade.
2021-02-10
1.9
CVE-2021-23882
CONFIRM

mcafee — endpoint_security
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.
2021-02-10
2.1
CVE-2021-23880
CONFIRM

microfocus — application_performance_management
Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack.
2021-02-06
3.5
CVE-2021-22499
CONFIRM

netapp — clustered_data_ontap
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
2021-02-08
2.1
CVE-2020-8590
MISC

netapp — clustered_data_ontap
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
2021-02-08
2.1
CVE-2020-8578
MISC

netapp — oncommand_system_manager
OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs.
2021-02-08
2.1
CVE-2020-8587
MISC

newmediacompany — smarty
An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.
2021-02-05
2.1
CVE-2020-10375
MISC
MISC

nvidia — geforce_experience
NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.
2021-02-05
3.6
CVE-2021-1072
CONFIRM

online_marriage_registration_system_project — online_marriage_registration_system
Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.
2021-02-08
3.5
CVE-2020-26052
MISC

openwrt — openwrt
In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP’s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.
2021-02-07
3.3
CVE-2021-22161
CONFIRM

otrs — survey
Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior versions.
2021-02-08
3.5
CVE-2021-21434
CONFIRM

psyprax — psyprax
An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%Psyprax32PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.
2021-02-05
2.1
CVE-2020-10553
MISC

qa-themes — q2a_ultimate_seo
Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.
2021-02-05
3.5
CVE-2021-3258
MISC
MISC
MISC

roundcube — roundcube
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
2021-02-09
3.5
CVE-2021-26925
CONFIRM
MISC

secomea — gatemanager_8250_firmware
A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.
2021-02-08
3.5
CVE-2020-29021
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283)
2021-02-09
2.1
CVE-2020-28394
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207)
2021-02-09
3.6
CVE-2020-27007
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209)
2021-02-09
3.6
CVE-2020-27008
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163)
2021-02-09
3.6
CVE-2020-27004
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040)
2021-02-09
2.1
CVE-2020-26998
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042)
2021-02-09
2.1
CVE-2020-26999
MISC

siemens — jt2go
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043)
2021-02-09
3.6
CVE-2020-27002
MISC

siemens — scalance_w780_firmware
A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time.
2021-02-09
3.3
CVE-2021-25666
MISC
MISC

siemens — simatic_pcs_7
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.
2021-02-09
2.1
CVE-2020-10048
MISC

smartfoxserver — smartfoxserver
An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.
2021-02-09
2.1
CVE-2021-26550
MISC
MISC
MISC
MISC

telegram — telegram
Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.
2021-02-12
2.1
CVE-2021-27204
MISC
MISC

telegram — telegram
Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.
2021-02-12
2.1
CVE-2021-27205
MISC
MISC

tufin — securetrack
Username enumeration in present in Tufin SecureTrack. It’s affecting all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor’s response: “This attack requires access to the internal network. If an attacker is part of the internal network, they do not require access to TOS to know the usernames”.
2021-02-09
3.3
CVE-2020-13461
MISC

Severity Not Yet Assigned

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

abb — ac500

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.
2021-02-09
not yet calculated
CVE-2020-24685
CONFIRM

accusoft — imagegear

An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
2021-02-10
not yet calculated
CVE-2020-13585
MISC

accusoft — imagegear

An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
2021-02-10
not yet calculated
CVE-2020-13561
MISC

accusoft — imagegear

An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
2021-02-10
not yet calculated
CVE-2020-13571
MISC

accusoft — imagegear

A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
2021-02-10
not yet calculated
CVE-2020-13572
MISC

adobe — acrobat_reader_dc
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
not yet calculated
CVE-2021-21059
MISC

adobe — acrobat_reader_dc

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
not yet calculated
CVE-2021-21062
MISC

adobe — acrobat_reader_dc

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
not yet calculated
CVE-2021-21058
MISC

adobe — animate
Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
not yet calculated
CVE-2021-21052
MISC

adobe — dreamweaver

Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.
2021-02-11
not yet calculated
CVE-2021-21055
MISC

adobe — illustrator

Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
not yet calculated
CVE-2021-21053
MISC

adobe — photoshop
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
not yet calculated
CVE-2021-21050
MISC

adobe — photoshop
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted javascript file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
not yet calculated
CVE-2021-21051
MISC

adobe — photoshop

Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
not yet calculated
CVE-2021-21049
MISC

adobe — photoshop

Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file
2021-02-11
not yet calculated
CVE-2021-21048
MISC

adobe — photoshop

Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-02-11
not yet calculated
CVE-2021-21047
MISC

advantech — iview

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
2021-02-11
not yet calculated
CVE-2021-22652
MISC

apache — thrift

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
2021-02-12
not yet calculated
CVE-2020-13949
MISC

argo_cd — argo_cd

In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
2021-02-09
not yet calculated
CVE-2021-26921
CONFIRM
MISC

autotrace — autotrace
A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182.
2021-02-11
not yet calculated
CVE-2019-19005
MISC
CONFIRM

autotrace — autotrace

A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.
2021-02-11
not yet calculated
CVE-2019-19004
MISC
MISC
CONFIRM

big-ip — big-ip
On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22978
MISC

big-ip — big-ip
On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22976
MISC

big-ip — big-ip
On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. A malicious, authenticated VPN user may abuse this to perform a DoS attack against the APM. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22985
MISC

big-ip — big-ip
On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22981
MISC

big-ip — big-ip
On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22979
MISC

big-ip — big-ip

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22984
MISC

big-ip — big-ip

On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22982
MISC

big-ip — big-ip

On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22977
MISC

big-ip — big-ip

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22975
MISC

big-ip — big-ip

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22974
MISC

big-ip — big-ip

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22973
MISC

big-ip — big-ip

On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22983
MISC

connman — connman
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
2021-02-09
not yet calculated
CVE-2021-26676
MISC
CONFIRM
CONFIRM
CONFIRM
MLIST
DEBIAN
MISC

connman — connman

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
2021-02-09
not yet calculated
CVE-2021-26675
MISC
CONFIRM
CONFIRM
MLIST
DEBIAN
MISC

d-link — dap-1860_wifi_extenders
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894.
2021-02-12
not yet calculated
CVE-2020-27865
MISC
MISC

d-link — dap-1860_wifi_extenders

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the Authorization request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10880.
2021-02-12
not yet calculated
CVE-2020-27864
MISC
MISC

d-link — dva-2800_and_dsl-28888a_routers

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10912.
2021-02-12
not yet calculated
CVE-2020-27863
MISC
MISC

d-link — dva-2800_and_dsl-28888a_routers

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. When parsing the path parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-10911.
2021-02-12
not yet calculated
CVE-2020-27862
MISC
MISC

elastic — apm

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.
2021-02-10
not yet calculated
CVE-2021-22133
MISC

elasticsearch — elasticsearch

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
2021-02-10
not yet calculated
CVE-2020-7021
MISC

elecom — file_manager

Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.
2021-02-12
not yet calculated
CVE-2021-20651
MISC
MISC

elecom — ld-ps/u1

Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.
2021-02-12
not yet calculated
CVE-2021-20643
MISC
MISC

elecom — ncc-ewf100rmwh2

Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
2021-02-12
not yet calculated
CVE-2021-20650
MISC
MISC

elecom — wrc-1467ghbk-a

ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user’s web browser by displaying a specially crafted SSID on the web setup page.
2021-02-12
not yet calculated
CVE-2021-20644
MISC
MISC

firejail — firejail
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.
2021-02-08
not yet calculated
CVE-2021-26910
MLIST
MISC
MISC
MLIST
MISC
MISC
DEBIAN

fleet — fleet

Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live query is currently ongoing. We believe the impact of this vulnerability to be low given the requirement that the actor has a valid node key. There is no information disclosure, privilege escalation, or code execution. The issue is fixed in Fleet 3.7.0.
2021-02-10
not yet calculated
CVE-2021-21296
MISC
CONFIRM
MISC

fluent — fluent_bit

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.
2021-02-10
not yet calculated
CVE-2021-27186
MISC
MISC
MISC

foxit — reader

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11727.
2021-02-12
not yet calculated
CVE-2020-27860
MISC
MISC

ftp-srv — ftp-srv

ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user’s defined root folder using the expected FTP commands, for example, CWD and UPDR. When windows separators exist within the path (“), `path.resolve` leaves the upper pointers intact and allows the user to move beyond the root folder defined for that user. We did not take that into account when creating the path resolve function. The issue is patched in version 4.4.0 (commit 457b859450a37cba10ff3c431eb4aa67771122e3).
2021-02-10
not yet calculated
CVE-2020-26299
MISC
MISC
MISC
MISC
CONFIRM
MISC

genivi — diagnostic_log_and_trace

The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.6 has a heap-based buffer overflow in dlt_buffer_write_block in shared/dlt_common.c.
2021-02-10
not yet calculated
CVE-2020-36244
MISC
MISC

gnu_screen — gnu_screen

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
2021-02-09
not yet calculated
CVE-2021-26937
MLIST
MISC
MISC
MISC

henriquedornas — henriquedornas

** DISPUTED ** An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem.
2021-02-10
not yet calculated
CVE-2021-26939
MISC
MISC

hewlett_packard — aruba

A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch’s management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.
2021-02-09
not yet calculated
CVE-2021-25141
MISC

hewlett_packard — moonshot_provisioning_manager

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.
2021-02-09
not yet calculated
CVE-2021-25140
MISC

hewlett_packard — moonshot_provisioning_manager

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a stack based buffer overflow using user supplied input to the `khuploadfile.cgi` CGI ELF. The stack based buffer overflow could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.
2021-02-09
not yet calculated
CVE-2021-25139
MISC

hirschmann — multiple_devices

Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).
2021-02-11
not yet calculated
CVE-2020-9307
CONFIRM
MISC

hyper — hyper

hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can result in “request smuggling” or “desync attacks”. To determine if vulnerable, all these things must be true: 1) Using hyper as an HTTP server (the client is not affected), 2) Using HTTP/1.1 (HTTP/2 does not use transfer-encoding), 3) Using a vulnerable HTTP proxy upstream to hyper. If an upstream proxy correctly rejects the illegal transfer-encoding headers, the desync attack cannot succeed. If there is no proxy upstream of hyper, hyper cannot start the desync attack, as the client will repair the headers before forwarding. This is fixed in versions 0.14.3 and 0.13.10. As a workaround one can take the following options: 1) Reject requests that contain a `transfer-encoding` header, 2) Ensure any upstream proxy handles `transfer-encoding` correctly.
2021-02-11
not yet calculated
CVE-2021-21299
MISC
MISC
CONFIRM
MISC
MISC

idelji — web_viewpoint_suite

Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).
2021-02-09
not yet calculated
CVE-2021-22267
MISC
MISC
MISC

idelji — web_viewpoint_suite

Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H).
2021-02-09
not yet calculated
CVE-2021-3191
MISC
CONFIRM
MISC

inoerp — inoerp

In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
2021-02-10
not yet calculated
CVE-2020-28870
MISC

issuer — issuer

An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued with a certain ‘amount’, and the issuedCount can be zero if there is an overflow.
2021-02-10
not yet calculated
CVE-2020-24838
MISC

lenovo — xclarity_administrator

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.
2021-02-10
not yet calculated
CVE-2020-8355
CONFIRM

libzip — libzip

A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states “This use-after-free is triggered prior to the double free reported in CVE-2017-12858.”
2021-02-09
not yet calculated
CVE-2019-17582
MISC
MISC
MISC

linux — linux_kernel

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (“ovl: stack file ops”). This was fixed in kernel version 5.8 by commits 56230d9 (“ovl: verify permissions in ovl_path_open()”), 48bd024 (“ovl: switch to mounter creds in readdir”) and 05acefb (“ovl: check permission to open real file”). Additionally, commits 130fdbc (“ovl: pass correct flags for opening real directory”) and 292f902 (“ovl: call secutiry hook in ovl_real_ioctl()”) in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (“ovl: do not fail because of O_NOATIMEi”) in kernel 5.11.
2021-02-10
not yet calculated
CVE-2020-16120
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
CONFIRM

logitec — lan-w300n/pr5b_devices

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.
2021-02-12
not yet calculated
CVE-2021-20637
MISC
MISC

logitec — lan-w300n/pr5b_devices

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
2021-02-12
not yet calculated
CVE-2021-20636
MISC
MISC

logitec — lan-w300n/rs_devices

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.
2021-02-12
not yet calculated
CVE-2021-20642
MISC
MISC

logitec — lan-w300n/rs_devices

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
2021-02-12
not yet calculated
CVE-2021-20641
MISC
MISC

logitec — lan-wh450n/gr_devices

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.
2021-02-12
not yet calculated
CVE-2021-20635
MISC
MISC

lucee — server

Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.
2021-02-11
not yet calculated
CVE-2021-21307
MISC
MISC
MISC
MISC
CONFIRM
MISC

magento — magento
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21025
MISC

magento — magento
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21016
MISC

magento — magento
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21027
MISC

magento — magento
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21032
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21018
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21031
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21019
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21015
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21014
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim’s browser. Exploitation of this issue requires user interaction.
2021-02-11
not yet calculated
CVE-2021-21030
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.
2021-02-11
not yet calculated
CVE-2021-21020
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21026
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21024
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim’s browser. Access to the admin console is required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21023
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Scripting vulnerability via ‘file’ parameter. Successful exploitation could lead to arbitrary JavaScript execution in the victim’s browser. Access to the admin console is required for successful exploitation.
2021-02-11
not yet calculated
CVE-2021-21029
MISC

magento — magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.
2021-02-11
not yet calculated
CVE-2021-21022
MISC

mautic — mautic

A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
2021-02-09
not yet calculated
CVE-2020-35125
MISC
MISC
MISC
MISC

mcafee — enpoint_security

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine
2021-02-10
not yet calculated
CVE-2021-23878
CONFIRM

mcafee — total_protection

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.
2021-02-10
not yet calculated
CVE-2021-23873
CONFIRM
MISC

mcafee — total_protection

Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.
2021-02-10
not yet calculated
CVE-2021-23876
CONFIRM

micrium — uc-http

A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
2021-02-10
not yet calculated
CVE-2020-13583
MISC

micro_focus — operations_bridge_manager

Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server.
2021-02-12
not yet calculated
CVE-2021-22504
MISC

microsoft — edge_client

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
not yet calculated
CVE-2021-22980
MISC

mongodb — ops_manager

For MongoDB Ops Manager 4.2.X with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager 4.4.X triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This issue is temporary and eventually corrects itself after MongoDB Ops Manager instances have finished upgrading to MongoDB Ops Manager 4.4. In addition, customers must be running with clientCertificateMode=OPTIONAL / allowConnectionsWithoutCertificates=true to be impacted.
2021-02-11
not yet calculated
CVE-2021-20335
MISC

monitorr — monitorr

Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
2021-02-10
not yet calculated
CVE-2020-28871
MISC
MISC

netgear — multiple_routers

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 firmware version 1.2.0.62_1.0.1 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.
2021-02-12
not yet calculated
CVE-2020-27867
MISC
MISC

netgear — multiple_routers

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 firmware version 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.
2021-02-12
not yet calculated
CVE-2020-27866
MISC
MISC

netgear — orbi_2.5.1.16_routers

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.
2021-02-12
not yet calculated
CVE-2020-27861
MISC
MISC

netty — netty

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty’s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method “File.createTempFile” on unix-like systems creates a random file, but, by default will create this file with the permissions “-rw-r–r–“. Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty’s “AbstractDiskHttpData” is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own “java.io.tmpdir” when you start the JVM or use “DefaultHttpDataFactory.setBaseDir(…)” to set the directory to something that is only readable by the current user.
2021-02-08
not yet calculated
CVE-2021-21290
MISC
CONFIRM
MLIST

next.js — nextauth

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the Email provider with the default database adapter are not impacted. Implementations using the Prisma database adapter but not using the Email provider are not impacted. The Prisma database adapter was checking the verification token, but was not verifying the email address associated with that token. This made it possible to use a valid token to sign in as another user when using the Prima adapter in conjunction with the Email provider. This issue is specific to the community supported Prisma adapter. This issue is fixed in version 3.3.0.
2021-02-11
not yet calculated
CVE-2021-21310
MISC
CONFIRM
MISC

node.js — node.js

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion.
2021-02-11
not yet calculated
CVE-2021-27191
MISC
MISC

oclean — mobile_application

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.
2021-02-11
not yet calculated
CVE-2020-25493
MISC
MISC
MISC

openemr — openemr

An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability.
2021-02-10
not yet calculated
CVE-2020-13565
MISC

openvswitch — openvswitch

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
2021-02-11
not yet calculated
CVE-2020-35498
MISC
MISC

openzfs — openzfs

An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.
2021-02-12
not yet calculated
CVE-2013-20001
MISC
MISC

owncloud — owncloud

The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.
2021-02-09
not yet calculated
CVE-2020-28644
MISC

owncloud — owncloud

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.
2021-02-09
not yet calculated
CVE-2020-28645
MISC

owncloud — owncloud

When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the files_antivirus component versions before 0.15.2 for ownCloud.
2021-02-09
not yet calculated
CVE-2020-16144
MISC

palo_alto_networks — prisma_cloud_compute

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability.
2021-02-10
not yet calculated
CVE-2021-3033
MISC

peel_shopping — peel_shopping

A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 which is publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc.
2021-02-12
not yet calculated
CVE-2021-27190
MISC
MISC
MISC

pelco — digital_sentry_server

DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn’t check if it’s being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with “OBJECT classid=” and “<SCRIPT language=’vbscript’>”) to overwrite arbitrary files.
2021-02-12
not yet calculated
CVE-2021-27197
MISC
MISC

pelco — digital_sentry_server

Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%Pelco directory) when DSControlPoint.exe is executed.
2021-02-11
not yet calculated
CVE-2021-27184
MISC
MISC

podman — podman

A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
2021-02-11
not yet calculated
CVE-2021-20188
MISC

probot — probot

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the “Send an image when a user joins the server” feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as .html.jpg) with the text/html content type. NOTE: there may not be cases in which an uploader web service is customer controlled; however, the nature of the issue has substantial interaction with customer controlled configuration.
2021-02-09
not yet calculated
CVE-2021-26918
MISC
MISC

prusa — research_prusaslicer

An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
2021-02-10
not yet calculated
CVE-2020-28595
MISC

prusa — research_prusaslicer

A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
2021-02-10
not yet calculated
CVE-2020-28596
MISC

pybitmessage — pybitmessage

** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states “security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host.” NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker.
2021-02-08
not yet calculated
CVE-2021-26917
MISC
MISC
MISC
MISC

pyyaml — pyyaml

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
2021-02-09
not yet calculated
CVE-2020-14343
MISC

qognify — ocularis

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-11257.
2021-02-12
not yet calculated
CVE-2020-27868
MISC
MISC

redhat — keycloak

A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.
2021-02-11
not yet calculated
CVE-2020-10734
MISC
MISC

redhat — keycloak

A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.
2021-02-11
not yet calculated
CVE-2020-1717
MISC
MISC

replaysorcery — replaysorcery

The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations.
2021-02-10
not yet calculated
CVE-2021-26936
MISC
MISC

ruby_on_rails — ruby_on_rails

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain “allowed host” formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.
2021-02-11
not yet calculated
CVE-2021-22881
MISC
MISC
MISC

ruby_on_rails — ruby_on_rails

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
2021-02-11
not yet calculated
CVE-2021-22880
MISC
MISC

rust — calamine_crate

An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.
2021-02-09
not yet calculated
CVE-2021-26951
MISC

rust — qwutils_crate

An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop.
2021-02-09
not yet calculated
CVE-2021-26954
MISC

rust — xcb_crate
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type.
2021-02-09
not yet calculated
CVE-2021-26958
MISC

rust — xcb_crate

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server.
2021-02-09
not yet calculated
CVE-2021-26955
MISC

rust — xcb_crate

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value.
2021-02-09
not yet calculated
CVE-2021-26956
MISC

rust — xcb_crate

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server.
2021-02-09
not yet calculated
CVE-2021-26957
MISC

rust– postscript_crate

An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation.
2021-02-09
not yet calculated
CVE-2021-26953
MISC

samba — samba

The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.
2021-02-10
not yet calculated
CVE-2021-27185
MISC
MISC
MISC

sap — business_objects_bi_platform

SAP Business Objects BI Platform, versions – 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.
2021-02-09
not yet calculated
CVE-2021-21444
MISC
MISC

sap — commerce_cloud

SAP Commerce Cloud, versions – 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.
2021-02-09
not yet calculated
CVE-2021-21477
MISC
MISC

sap — hana_database

SAP HANA Database, versions – 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.
2021-02-09
not yet calculated
CVE-2021-21474
MISC
MISC

sap — master_data_management

Under specific circumstances SAP Master Data Management, versions – 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.
2021-02-09
not yet calculated
CVE-2021-21475
MISC
MISC

sap — software_provisioning_manager

SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade.
2021-02-09
not yet calculated
CVE-2021-21472
MISC
MISC

sap — u15

SAP UI5, versions – 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1, allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
2021-02-09
not yet calculated
CVE-2021-21476
MISC
MISC

sap — web_dynpro_abap

SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
2021-02-09
not yet calculated
CVE-2021-21478
MISC
MISC

scimono — scimono

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.
2021-02-09
not yet calculated
CVE-2021-21479
CONFIRM

sinec — nms

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as ‘Zip-Slip’. (ZDI-CAN-12054)
2021-02-09
not yet calculated
CVE-2020-25237
MISC
MISC

smartfoxserver — smartfoxserver

An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user’s browser session in context of an affected site.
2021-02-09
not yet calculated
CVE-2021-26549
MISC
MISC
MISC
MISC

smartfoxserver — smartfoxserver

An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.
2021-02-09
not yet calculated
CVE-2021-26551
MISC
MISC
MISC

softmaker — office_planmaker

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability.
2021-02-10
not yet calculated
CVE-2020-27250
MISC

softmaker — office_textmaker

In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.
2021-02-10
not yet calculated
CVE-2020-13546
MISC

softmarker — office_planmaker

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.
2021-02-10
not yet calculated
CVE-2020-13581
MISC

solarwinds — network_performance_monitor

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804.
2021-02-12
not yet calculated
CVE-2020-27869
MISC

solarwinds — orion_platform

This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within VulnerabilitySettings.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11902.
2021-02-10
not yet calculated
CVE-2020-27871
N/A

solarwinds — orion_platform

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11917.
2021-02-10
not yet calculated
CVE-2020-27870
N/A

sovremennye_delovye_teknologii — fx_aggregator

The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim’s account.
2021-02-12
not yet calculated
CVE-2021-27188
MISC
MISC

sovremennye_delovye_teknologii — fx_aggregator

The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked.
2021-02-12
not yet calculated
CVE-2021-27187
MISC
MISC

static-eval — static-eval

All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals. PoC: var evaluate = require(‘static-eval’); var parse = require(‘esprima’).parse; var src=”https://us-cert.cisa.gov(function (x) { return ${eval(“console.log(global.process.mainModule.constructor._load(‘child_process’).execSync(‘ls’).toString())”)} })()” var ast = parse(src).body[0].expression; evaluate(ast)
2021-02-11
not yet calculated
CVE-2021-23334
CONFIRM
CONFIRM
CONFIRM

suse — caas_platform

A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416.
2021-02-11
not yet calculated
CVE-2020-8029
CONFIRM

suse — caas_platform

A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.
2021-02-11
not yet calculated
CVE-2020-8030
CONFIRM

suse — linux_enterprise_server

A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.
2021-02-11
not yet calculated
CVE-2020-8027
CONFIRM

suse — open_build_service

A Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8.
2021-02-11
not yet calculated
CVE-2020-8031
CONFIRM

tencent — wechat

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM Decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11580.
2021-02-10
not yet calculated
CVE-2020-27874
N/A

teradici — cloud_access_connector

Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.
2021-02-11
not yet calculated
CVE-2020-13185
MISC

teradici — cloud_access_connector

An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.
2021-02-11
not yet calculated
CVE-2020-13186
MISC

teradici — pcoip

An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.
2021-02-11
not yet calculated
CVE-2021-25689
MISC

teradici — pcoip

A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.
2021-02-11
not yet calculated
CVE-2021-25690
MISC

teradici — pcoip

Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user’s password in the application logs.
2021-02-11
not yet calculated
CVE-2021-25688
MISC

tp-link — archer

In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.
2021-02-13
not yet calculated
CVE-2021-27209
MISC

tp-link — archer

TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.
2021-02-13
not yet calculated
CVE-2021-27210
MISC

trend_micro — security

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program’s password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.
2021-02-10
not yet calculated
CVE-2021-25251
N/A

user-valid — user-valid

All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.
2021-02-11
not yet calculated
CVE-2021-23335
CONFIRM

vrana — adminer

Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.
2021-02-11
not yet calculated
CVE-2021-21311
MISC
MISC
CONFIRM
MISC

vsphere — replication

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.
2021-02-11
not yet calculated
CVE-2021-21976
MISC

wekan — wekan

Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named ‘Fieldbleed’ in the vendor’s site.
2021-02-10
not yet calculated
CVE-2021-20654
MISC
MISC

wire — wire

Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn’t stopped in a scenario where a user first has their camera enabled and then disables it. It’s a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.
2021-02-11
not yet calculated
CVE-2021-21301
MISC
MISC
CONFIRM

xterm — xterm

xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
2021-02-10
not yet calculated
CVE-2021-27135
MLIST
MLIST
MISC
MISC

zcfees — zcfees

An integer underflow has been found in the latest version of ZCFees. The variables ‘currPeriodIdx’ and ‘lastPeriodExecIdx’ are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.
2021-02-10
not yet calculated
CVE-2020-24837
MISC

This product is provided subject to this Notification and this Privacy & Use policy.Original release date: February 15, 2021

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	9.3	CVE-2021-21044 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user.	2021-02-11	9.3	CVE-2021-21045 MISC
advantech — iview	Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to ‘Administrator’.	2021-02-11	7.5	CVE-2021-22658 MISC MISC
asus — rt-ax3000_firmware	Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.	2021-02-05	7.8	CVE-2021-3229 MISC MISC MISC
carrierwave_project — carrierwave	CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The “#manipulate!” method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.	2021-02-08	7.5	CVE-2021-21305 MISC MISC MISC CONFIRM MISC
college_management_system_project — college_management_system	College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters ‘unametxt’ and ‘pwdtxt’, which are not filtered before passing a SQL query.	2021-02-08	7.5	CVE-2020-26051 MISC
dell — emc_powerscale_onefs	Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a “use of SSH key past account expiration” vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.	2021-02-09	7.5	CVE-2021-21502 MISC
dell — emc_powerscale_onefs	Dell EMC PowerScale OneFS versions 8.1.0 – 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application.	2021-02-09	7.2	CVE-2020-26193 MISC
dynamoosejs — dynamoose	Dynamoose is an open-source modeling tool for Amazon’s DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method “lib/utils/object/set.ts”. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability.	2021-02-08	7.5	CVE-2021-21304 MISC MISC CONFIRM MISC
elecom — wrc-300febk-s_firmware	ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.	2021-02-12	7.7	CVE-2021-20648 MISC MISC
epikur — epikur	An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password’s MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a “Backdoor Password” of 3p1kursupport). If the submitted password matches either one, access is granted.	2021-02-05	7.5	CVE-2020-10539 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP.	2021-02-10	7.5	CVE-2021-27145 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP.	2021-02-10	7.5	CVE-2021-27147 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP.	2021-02-10	7.5	CVE-2021-27148 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP.	2021-02-10	7.5	CVE-2021-27149 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP.	2021-02-10	7.5	CVE-2021-27146 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP.	2021-02-10	7.5	CVE-2021-27151 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP.	2021-02-10	7.5	CVE-2021-27152 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP.	2021-02-10	7.5	CVE-2021-27153 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP.	2021-02-10	7.5	CVE-2021-27154 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP.	2021-02-10	7.5	CVE-2021-27155 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface.	2021-02-10	7.5	CVE-2021-27156 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP.	2021-02-10	7.5	CVE-2021-27157 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP.	2021-02-10	7.5	CVE-2021-27158 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP.	2021-02-10	7.5	CVE-2021-27159 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP.	2021-02-10	7.5	CVE-2021-27160 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP.	2021-02-10	7.5	CVE-2021-27161 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP.	2021-02-10	7.5	CVE-2021-27162 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP.	2021-02-10	7.5	CVE-2021-27163 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP.	2021-02-10	7.5	CVE-2021-27150 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP.	2021-02-10	7.5	CVE-2021-27164 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server.	2021-02-10	7.5	CVE-2021-27177 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell).	2021-02-10	10	CVE-2021-27171 MISC
fortinet — fortiisolator	An insufficient session expiration vulnerability in FortiNet’s FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)	2021-02-08	7.5	CVE-2020-6649 CONFIRM
genivia — gsoap	A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.	2021-02-10	7.5	CVE-2020-13576 MISC
gitlog_project — gitlog	The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.	2021-02-08	7.5	CVE-2021-26541 MISC MISC
google — android	In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525	2021-02-10	10	CVE-2021-0326 MISC
google — android	In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-155287782	2021-02-10	9.3	CVE-2021-0302 MISC
google — android	In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-154015447	2021-02-10	9.3	CVE-2021-0305 MISC
google — android	In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-174238784	2021-02-10	9.3	CVE-2021-0325 MISC
google — android	In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-163358811	2021-02-10	7.2	CVE-2021-0334 MISC
google — android	In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134155286	2021-02-10	9.3	CVE-2021-0340 MISC
google — android	In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687	2021-02-10	9.3	CVE-2021-0339 MISC
google — android	In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-169256435	2021-02-10	7.2	CVE-2021-0332 MISC
google — android	In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-158219161	2021-02-10	7.2	CVE-2021-0336 MISC
google — android	In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441	2021-02-10	7.2	CVE-2021-0330 MISC
google — android	In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172670415	2021-02-10	7.2	CVE-2021-0328 MISC
google — android	In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-171400004	2021-02-10	7.2	CVE-2021-0329 MISC
google — android	In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195	2021-02-10	7.2	CVE-2021-0337 MISC
google — android	In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-172935267	2021-02-10	7.2	CVE-2021-0327 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.	2021-02-08	7.2	CVE-2021-25142 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.	2021-02-08	7.2	CVE-2021-25171 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.	2021-02-08	7.2	CVE-2021-25172 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.	2021-02-08	7.2	CVE-2021-25169 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.	2021-02-08	7.2	CVE-2021-26570 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.	2021-02-08	7.2	CVE-2021-26571 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.	2021-02-08	7.2	CVE-2021-26572 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function.	2021-02-08	7.2	CVE-2021-26573 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.	2021-02-08	7.2	CVE-2021-26574 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.	2021-02-08	7.2	CVE-2021-26575 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.	2021-02-08	7.2	CVE-2021-26576 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.	2021-02-08	7.2	CVE-2021-25170 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.	2021-02-08	7.2	CVE-2021-25168 MISC
hpe — baseboard_management_controller	The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.	2021-02-08	7.2	CVE-2021-26577 MISC
huawei — ecns280_firmware	There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.	2021-02-06	7.8	CVE-2021-22292 CONFIRM
logitec — lan-w300n/pgrb_firmware	LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.	2021-02-12	7.7	CVE-2021-20638 MISC MISC
logitec — lan-w300n/pgrb_firmware	LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.	2021-02-12	7.7	CVE-2021-20639 MISC MISC
logitec — lan-w300n/pgrb_firmware	Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.	2021-02-12	7.7	CVE-2021-20640 MISC MISC
macfromip_project — macfromip	This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js.	2021-02-08	7.5	CVE-2020-7786 MISC MISC
microfocus — operation_bridge_reporter	Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.	2021-02-08	10	CVE-2021-22502 MISC MISC MISC
ncr — command_center_agent	CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor’s position is that exploitation occurs only on devices with a certain “misconfiguration.”	2021-02-07	10	CVE-2021-3122 MISC MISC MISC
netmotionsoftware — netmotion_mobility	NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.	2021-02-08	10	CVE-2021-26914 MISC MISC MISC
netmotionsoftware — netmotion_mobility	NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.	2021-02-08	10	CVE-2021-26913 MISC MISC MISC
netmotionsoftware — netmotion_mobility	NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.	2021-02-08	10	CVE-2021-26915 MISC MISC MISC
netmotionsoftware — netmotion_mobility	NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.	2021-02-08	10	CVE-2021-26912 MISC MISC MISC
node-ps_project — node-ps	This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.	2021-02-08	7.5	CVE-2020-7785 MISC MISC MISC
open-emr — openemr	The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.	2021-02-07	9	CVE-2020-36243 MISC MISC
panasonic — video_insight_vms	Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.	2021-02-05	10	CVE-2021-20623 MISC MISC
phpok — phpok	PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.	2021-02-08	7.5	CVE-2020-16629 MISC
set-or-get_project — set-or-get	Prototype pollution vulnerability in ‘set-or-get’ version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.	2021-02-08	7.5	CVE-2021-25913 MISC MISC
siemens — digsi_4	A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM.	2021-02-09	7.2	CVE-2020-25245 MISC MISC
siemens — simatic_hmi_comfort_panels_firmware	A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)	2021-02-09	9.3	CVE-2020-15798 MISC MISC
siemens — simatic_process_control_system_neo	A vulnerability has been identified in PCS neo (Administration Console) (V3.0), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.	2021-02-09	7.2	CVE-2020-25238 MISC MISC CERT-VN
spritesheet-js_project — spritesheet-js	This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package.	2021-02-08	7.5	CVE-2020-7782 MISC MISC MISC
svakom — siime_eye_firmware	An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device’s services are running as root).	2021-02-08	10	CVE-2020-11920 MISC
wavlink — wn575a4_firmware	Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.	2021-02-09	10	CVE-2020-13117 MISC
wpdatatables — wpdatatables	wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.	2021-02-08	10	CVE-2021-26754 MISC MISC MISC
zulip — zulip_desktop	Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.	2021-02-05	7.5	CVE-2020-10857 CONFIRM
zzzcms — zzzphp	SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.	2021-02-05	7.5	CVE-2020-18717 MISC

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
1password — scim_bridge	1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.	2021-02-08	4	CVE-2021-26905 MISC CONFIRM
adminer — adminer	Adminer through 4.7.8 allows XSS via the history parameter to the default URI.	2021-02-09	4.3	CVE-2020-35572 MISC MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	6.8	CVE-2021-21017 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	6.8	CVE-2021-21028 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	6.8	CVE-2021-21033 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	6.8	CVE-2021-21035 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	6.8	CVE-2021-21036 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	6.8	CVE-2021-21037 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	6.8	CVE-2021-21038 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	6.8	CVE-2021-21039 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	6.8	CVE-2021-21040 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	6.8	CVE-2021-21041 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	6.8	CVE-2021-21021 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	4.3	CVE-2021-21034 MISC
adobe — acrobat	Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	4.3	CVE-2021-21061 MISC
adobe — acrobat	Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	4.3	CVE-2021-21060 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	4.3	CVE-2021-21057 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	4.3	CVE-2021-21046 MISC
adobe — acrobat	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	4.3	CVE-2021-21042 MISC
advantech — iview	Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.	2021-02-11	5	CVE-2021-22656 MISC MISC
advantech — iview	Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.	2021-02-11	5	CVE-2021-22654 MISC MISC MISC
apache — activemq	An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.	2021-02-08	4.3	CVE-2020-13947 MISC MLIST MLIST MLIST
apostrophecms — sanitize-html	Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the “allowedIframeHostnames” option.	2021-02-08	5	CVE-2021-26539 MISC MISC
apostrophecms — sanitize-html	Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the “allowedIframeHostnames” option when the “allowIframeRelativeUrls” is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with “/\example.com”.	2021-02-08	5	CVE-2021-26540 MISC MISC
b2evolution — b2evolution	Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.	2021-02-09	5.8	CVE-2020-22840 MISC MISC MISC
b2evolution — b2evolution_cms	Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.	2021-02-09	4.3	CVE-2020-22839 MISC MISC MISC
carrierwave_project — carrierwave	CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.	2021-02-08	4	CVE-2021-21288 MISC MISC MISC CONFIRM MISC
cesanta — mongoose	The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.	2021-02-08	6.4	CVE-2021-26528 MISC
cesanta — mongoose	The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.	2021-02-08	6.4	CVE-2021-26529 MISC
cesanta — mongoose	The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.	2021-02-08	6.4	CVE-2021-26530 MISC
chainsafe — ethermint	Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an “arbitrary mint token”.	2021-02-08	5	CVE-2021-25837 MISC
chainsafe — ethermint	Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables “cross-chain transaction replay” attack.	2021-02-08	5	CVE-2021-25835 MISC MISC
chainsafe — ethermint	Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.	2021-02-08	5	CVE-2021-25834 MISC
chainsafe — ethermint	Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contracts.	2021-02-08	5	CVE-2021-25836 MISC
cryptography_project — cryptography	In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.	2021-02-07	6.4	CVE-2020-36242 CONFIRM CONFIRM MISC FEDORA
dell — emc_powerscale_onefs	Dell EMC PowerScale OneFS versions 8.2.0 – 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default.	2021-02-09	4.6	CVE-2020-26192 MISC
dell — emc_powerscale_onefs	Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.	2021-02-09	5	CVE-2020-26195 MISC
dell — emc_powerscale_onefs	Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default.	2021-02-09	4.6	CVE-2020-26194 MISC
dell — emc_powerscale_onefs	Dell EMC PowerScale OneFS versions 8.1.0 – 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.	2021-02-09	4.6	CVE-2020-26191 MISC
elecom — wrc-300febk-a_firmware	Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.	2021-02-12	4.3	CVE-2021-20646 MISC MISC
elecom — wrc-300febk-a_firmware	Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.	2021-02-12	4.3	CVE-2021-20645 MISC MISC
elecom — wrc-300febk-s_firmware	Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.	2021-02-12	4.3	CVE-2021-20647 MISC MISC
elecom — wrc-300febk-s_firmware	ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.	2021-02-12	5.8	CVE-2021-20649 MISC MISC
electriccoin — zcashd	In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim’s address and an IP address, aka a timing side channel.	2021-02-05	5	CVE-2020-8807 MISC
electriccoin — zcashd	Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced.	2021-02-05	5	CVE-2020-8806 MISC
emlog — emlog	emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.	2021-02-08	5	CVE-2021-3293 MISC MISC
epikur — epikur	An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account.	2021-02-05	4.6	CVE-2020-10537 MISC
ezxml_project — ezxml	The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.	2021-02-08	5.8	CVE-2021-26220 MISC
ezxml_project — ezxml	The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.	2021-02-08	5.8	CVE-2021-26221 MISC
ezxml_project — ezxml	The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.	2021-02-08	5.8	CVE-2021-26222 MISC
fedoraproject — fedora	A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.	2021-02-06	4.3	CVE-2020-14312 MISC
fiberhome — an5506-04-fa_firmware	An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account.	2021-02-10	5	CVE-2021-27169 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.	2021-02-10	5	CVE-2021-27170 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh.	2021-02-10	5	CVE-2021-27172 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow an attacker to reach the telnet server (used for the CLI).	2021-02-10	5	CVE-2021-27173 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so.	2021-02-10	5	CVE-2021-27167 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account.	2021-02-10	5	CVE-2021-27168 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions.	2021-02-10	5	CVE-2021-27176 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon.	2021-02-10	5	CVE-2021-27166 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials.	2021-02-10	5	CVE-2021-27165 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g\|u credentials for an ISP.	2021-02-10	5	CVE-2021-27144 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.	2021-02-10	5	CVE-2021-27143 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions.	2021-02-10	5	CVE-2021-27142 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.)	2021-02-10	5	CVE-2021-27141 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.	2021-02-10	5	CVE-2021-27140 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp.	2021-02-10	5	CVE-2021-27139 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions.	2021-02-10	5	CVE-2021-27175 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions.	2021-02-10	5	CVE-2021-27174 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string.	2021-02-10	5	CVE-2021-27179 MISC
fiberhome — hg6245d_firmware	An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram.	2021-02-10	5	CVE-2021-27178 MISC
flowpaper — pdf2json	Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file.	2021-02-05	4.6	CVE-2020-18750 CONFIRM MISC
fortinet — fortiweb	An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.	2021-02-08	4.3	CVE-2021-22122 CONFIRM
foxitsoftware — foxit_reader	In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.	2021-02-10	6.8	CVE-2020-13548 MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11192.	2021-02-09	6.8	CVE-2020-17419 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11334.	2021-02-09	6.8	CVE-2020-17427 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11230.	2021-02-09	6.8	CVE-2020-17426 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11259.	2021-02-09	6.8	CVE-2020-17425 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11247.	2021-02-09	6.8	CVE-2020-17424 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ARW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11196.	2021-02-09	6.8	CVE-2020-17423 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11488.	2021-02-09	6.8	CVE-2020-27857 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11434.	2021-02-09	6.8	CVE-2020-27856 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11433.	2021-02-09	6.8	CVE-2020-27855 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11432.	2021-02-09	6.8	CVE-2020-17436 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZIX files. A crafted id in a channel element can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11197.	2021-02-09	6.8	CVE-2020-17418 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11332.	2021-02-09	6.8	CVE-2020-17430 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11337.	2021-02-09	4.3	CVE-2020-17429 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11194.	2021-02-09	6.8	CVE-2020-17421 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11333.	2021-02-09	6.8	CVE-2020-17431 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11358.	2021-02-09	6.8	CVE-2020-17435 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11336.	2021-02-09	4.3	CVE-2020-17428 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11356.	2021-02-09	6.8	CVE-2020-17433 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11335.	2021-02-09	6.8	CVE-2020-17432 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11357.	2021-02-09	6.8	CVE-2020-17434 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11195.	2021-02-09	4.3	CVE-2020-17422 MISC MISC
foxitsoftware — foxit_studio_photo	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11193.	2021-02-09	4.3	CVE-2020-17420 MISC MISC
fusioncharts — apexcharts	The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields.	2021-02-09	4.3	CVE-2021-23327 CONFIRM CONFIRM CONFIRM CONFIRM
genivia — gsoap	A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.	2021-02-10	5	CVE-2020-13578 MISC
genivia — gsoap	A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.	2021-02-10	5	CVE-2020-13577 MISC
genivia — gsoap	A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.	2021-02-10	5	CVE-2020-13575 MISC
genivia — gsoap	A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.	2021-02-10	5	CVE-2020-13574 MISC
gitea — gitea	Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.	2021-02-05	5	CVE-2021-3382 MISC
godotengine — godot_engine	An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.	2021-02-08	6.8	CVE-2021-26825 MISC MISC
godotengine — godot_engine	A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.	2021-02-08	6.8	CVE-2021-26826 MISC MISC
google — android	In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-168504491	2021-02-10	6.9	CVE-2021-0333 MISC
google — android	In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156260178	2021-02-10	4.9	CVE-2021-0338 MISC
google — android	In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-170731783	2021-02-10	6.9	CVE-2021-0331 MISC
google — android	In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160346309	2021-02-10	4.3	CVE-2021-0335 MISC
google — android	In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-171221302	2021-02-10	6.9	CVE-2021-0314 MISC
google — android	In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069	2021-02-10	5	CVE-2021-0341 MISC
google — chrome	Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2021-02-09	6.8	CVE-2021-21128 MISC MISC
google — chrome	Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.	2021-02-09	6.8	CVE-2021-21127 MISC MISC
google — chrome	Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.	2021-02-09	6.8	CVE-2021-21118 MISC MISC
google — chrome	Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.	2021-02-09	6.8	CVE-2021-21119 MISC MISC
google — chrome	Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2021-02-09	6.8	CVE-2021-21120 MISC MISC
google — chrome	Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.	2021-02-09	6.8	CVE-2021-21121 MISC MISC
google — chrome	Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2021-02-09	6.8	CVE-2021-21122 MISC MISC
google — chrome	Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.	2021-02-09	6.8	CVE-2021-21124 MISC MISC
google — chrome	Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.	2021-02-09	6.8	CVE-2021-21132 MISC MISC
google — chrome	Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.	2021-02-09	6.8	CVE-2020-16044 MISC MISC
google — chrome	Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.	2021-02-09	6.8	CVE-2021-21138 MISC MISC
google — chrome	Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.	2021-02-09	4.6	CVE-2021-21140 MISC MISC
google — chrome	Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2021-02-09	6.8	CVE-2021-21148 MISC MISC FEDORA
google — chrome	Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.	2021-02-09	6.8	CVE-2021-21142 MISC MISC FEDORA
google — chrome	Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.	2021-02-09	6.8	CVE-2021-21143 MISC MISC FEDORA
google — chrome	Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.	2021-02-09	6.8	CVE-2021-21146 MISC MISC FEDORA
google — chrome	Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.	2021-02-09	5.8	CVE-2021-21125 MISC MISC
google — chrome	Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.	2021-02-09	6.8	CVE-2021-21144 MISC MISC FEDORA
google — chrome	Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2021-02-09	6.8	CVE-2021-21145 MISC MISC FEDORA
google — chrome	Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.	2021-02-09	6.9	CVE-2021-21117 MISC MISC
google — chrome	Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21147 MISC MISC FEDORA
google — chrome	Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21141 MISC MISC
google — chrome	Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21139 MISC MISC
google — chrome	Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21137 MISC MISC
google — chrome	Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21136 MISC MISC
google — chrome	Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21135 MISC MISC
google — chrome	Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21134 MISC MISC
google — chrome	Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21133 MISC MISC
google — chrome	Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21131 MISC MISC
google — chrome	Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21130 MISC MISC
google — chrome	Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21129 MISC MISC
google — chrome	Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.	2021-02-09	4.3	CVE-2021-21126 MISC MISC
google — chrome	Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.	2021-02-09	4.3	CVE-2021-21123 MISC MISC
gradle — enterprise_test_distribution_agent	A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor (with certain credentials) can perform a registration step such that crafted TAR archives lead to extraction of files into arbitrary filesystem locations.	2021-02-09	5.5	CVE-2021-26719 MISC
helm — helm	Helm is open-source software which is essentially “The Kubernetes Package Manager”. Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used “as is” without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.	2021-02-05	4	CVE-2021-21303 MISC MISC CONFIRM
httplib2_project — httplib2	httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of “xa0” characters in the “www-authenticate” header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.	2021-02-08	5	CVE-2021-21240 MISC MISC CONFIRM MISC
huawei — ais-bw80h-00_firmware	There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package’s integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).	2021-02-06	4.6	CVE-2020-9118 CONFIRM
huawei — campusinsight	Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).	2021-02-06	5	CVE-2021-22293 CONFIRM
huawei — imaster_mae-m	There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.	2021-02-06	4.6	CVE-2021-22299 CONFIRM
huawei — manageone	There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.	2021-02-06	4	CVE-2021-22298 CONFIRM
huawei — manageone	There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.	2021-02-06	4	CVE-2020-9205 CONFIRM
huawei — mate_30_firmware	Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow.	2021-02-06	4.6	CVE-2021-22301 CONFIRM
huawei — taurus-al00a_firmware	There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service.	2021-02-06	4.3	CVE-2021-22303 CONFIRM
ibm — cloud_pak_for_automation	IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 – Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.	2021-02-08	4	CVE-2021-20359 XF CONFIRM
ibm — cloud_pak_for_automation	IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.	2021-02-08	4	CVE-2021-20358 XF CONFIRM
ibm — security_identity_governance_and_intelligence	IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446.	2021-02-09	6.4	CVE-2020-4795 XF CONFIRM
ibm — security_identity_governance_and_intelligence	IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users’ session. IBM X-Force ID: 192912.	2021-02-09	5	CVE-2020-4995 XF CONFIRM
ibm — security_verify_information_queue	IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078.	2021-02-11	5	CVE-2021-20404 XF CONFIRM
ibm — security_verify_information_queue	IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183.	2021-02-11	5	CVE-2021-20405 XF CONFIRM
ibm — security_verify_information_queue	IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 198185.	2021-02-12	5	CVE-2021-20407 XF CONFIRM
ibm — security_verify_information_queue	IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 198188.	2021-02-12	5	CVE-2021-20409 XF CONFIRM
ibm — security_verify_information_queue	IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.	2021-02-11	6.8	CVE-2021-20403 XF CONFIRM
ibm — security_verify_information_queue	IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 198184.	2021-02-12	4	CVE-2021-20406 XF CONFIRM
ibm — security_verify_information_queue	IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196076.	2021-02-11	4	CVE-2021-20402 XF CONFIRM
ibm — security_verify_information_queue	IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192.	2021-02-12	5	CVE-2021-20412 XF CONFIRM
ibm — security_verify_information_queue	IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.	2021-02-12	4.8	CVE-2021-20411 XF CONFIRM
ibm — spectrum_protect_plus	IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.	2021-02-10	5	CVE-2020-5023 XF CONFIRM
ibm — websphere_application_server	IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.	2021-02-10	6.4	CVE-2021-20353 XF CONFIRM MISC
imagely — nextgen_gallery	A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)	2021-02-09	4.3	CVE-2020-35943 MISC
imagely — nextgen_gallery	A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)	2021-02-09	6.8	CVE-2020-35942 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56.	2021-02-06	6.8	CVE-2021-20176 MISC
iobit — advanced_systemcare	The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. DosDevicesAscRegistryFilter and DeviceAscRegistryFilter are affected.	2021-02-05	6.8	CVE-2020-10234 MISC MISC MISC
jenzabar — jenzabar	Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.	2021-02-06	4.3	CVE-2021-26723 MISC MISC MISC
librenms — librenms	A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.	2021-02-08	6.5	CVE-2020-35700 MISC MISC CONFIRM CONFIRM MISC
linkedin — oncall	LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the “No results found for” message in the search bar.	2021-02-05	4.3	CVE-2021-26722 MISC
linux — linux_kernel	A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.	2021-02-05	6.9	CVE-2021-26708 MLIST MISC MISC MISC
marked_project — marked	Marked is an open-source markdown parser and compiler (npm package “marked”). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.	2021-02-08	5	CVE-2021-21306 MISC MISC MISC CONFIRM MISC
maxpcsecure — max_spyware_detector	In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)	2021-02-05	4.6	CVE-2020-12122 MISC MISC MISC
mcafee — endpoint_security	A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial protection prior to this update.	2021-02-10	4.9	CVE-2021-23883 CONFIRM
mcafee — total_protection	Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.	2021-02-10	4.6	CVE-2021-23874 CONFIRM
microfocus — application_performance_management	Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker’s choosing.	2021-02-06	4.3	CVE-2021-22500 CONFIRM
millewin — millewin	Millennium Millewin (also known as “Cartella clinica”) 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.	2021-02-09	6.5	CVE-2021-3394 MISC MISC
ms3d_project — ms3d	An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read.	2021-02-09	5	CVE-2021-26952 MISC
name_directory_project — name_directory	Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.	2021-02-05	6.8	CVE-2021-20652 MISC MISC
nedi — nedi	NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.	2021-02-12	6.5	CVE-2021-26753 MISC
nedi — nedi	NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.	2021-02-12	4	CVE-2021-26751 MISC
nedi — nedi	NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.	2021-02-12	6.5	CVE-2021-26752 MISC
nopcommerce — nopcommerce	In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter.	2021-02-08	4.3	CVE-2021-26916 MISC
octobercms — october	An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.	2021-02-05	6.8	CVE-2021-3311 CONFIRM MISC
omron — cx-one	The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.	2021-02-09	6.8	CVE-2020-27261 MISC MISC MISC
omron — cx-one	The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.	2021-02-09	6.8	CVE-2020-27259 MISC MISC
omron — cx-one	This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices.	2021-02-09	6.8	CVE-2020-27257 MISC MISC
opmantek — open-audit	Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.	2021-02-05	4.3	CVE-2021-3333 MISC
otrs — cis_in_customer_frontend	Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.	2021-02-08	4	CVE-2021-21436 CONFIRM
otrs — otrs	Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.	2021-02-08	4.3	CVE-2021-21435 CONFIRM
otrs — ticket_forms	When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects: OTRS AG OTRSTicketForms 6.0.x version 6.0.40 and prior versions; 7.0.x version 7.0.29 and prior versions; 8.0.x version 8.0.3 and prior versions.	2021-02-08	4	CVE-2020-1779 CONFIRM
phpshe — phpshe	Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.	2021-02-09	6.5	CVE-2020-18215 MISC MISC
privateoctopus — picoquic	picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3.	2021-02-08	5	CVE-2020-24944 MISC
psyprax — psyprax	An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.	2021-02-05	5	CVE-2020-10554 MISC
psyprax — psyprax	An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.	2021-02-05	5.5	CVE-2020-10552 MISC
redwood — report2web	A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.	2021-02-05	4.3	CVE-2021-26710 MISC
redwood — report2web	A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.	2021-02-05	5	CVE-2021-26711 MISC
sdgc — pnpscada	PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim’s browser.	2021-02-10	4.3	CVE-2020-24842 MISC
siemens — cscape	Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.	2021-02-09	6.8	CVE-2021-22663 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018)	2021-02-09	4.6	CVE-2020-27000 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041)	2021-02-09	4.6	CVE-2020-27001 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158)	2021-02-09	4.6	CVE-2020-27003 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178)	2021-02-09	4.6	CVE-2020-27005 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182)	2021-02-09	4.6	CVE-2020-27006 MISC
siemens — nucleus_net	A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2012.12). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.	2021-02-09	5	CVE-2020-28388 MISC
siemens — simaris_configuration	A vulnerability has been identified in SIMARIS configuration (All versions). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.	2021-02-09	4.6	CVE-2020-28392 MISC
sthttpd_project — sthttpd	An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function.	2021-02-07	5	CVE-2021-26843 MISC
svakom — siime_eye_firmware	An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device’s Wi-Fi access point.	2021-02-08	4.6	CVE-2020-11915 MISC
symonics — libmysofa	Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 – 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).	2021-02-08	4.3	CVE-2020-36148 MISC
symonics — libmysofa	Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 – 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).	2021-02-08	4.3	CVE-2020-36149 MISC
symonics — libmysofa	Incorrect handling of input data in loudness function in the libmysofa library 0.5 – 1.1 will lead to heap buffer overflow and access to unallocated memory block.	2021-02-08	4.3	CVE-2020-36150 MISC
symonics — libmysofa	Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 – 1.1 will lead to heap buffer overflow and overwriting large memory block.	2021-02-08	4.3	CVE-2020-36151 MISC
symonics — libmysofa	Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 – 1.1 allows attackers to execute arbitrary code via a crafted SOFA.	2021-02-08	6.8	CVE-2020-36152 MISC
tenable — nessus_amazon_machine_image	Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.	2021-02-06	4.3	CVE-2020-5812 MISC
tipsandtricks-hq — wp_security_&_firewall	Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.	2021-02-10	4.3	CVE-2020-29171 CONFIRM CONFIRM MISC
tufin — securetrack	Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA.	2021-02-09	6.8	CVE-2020-13460 MISC
tufin — securetrack	Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 1 of 3)	2021-02-09	4.3	CVE-2020-13407 MISC
tufin — securetrack	Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 2 of 3)	2021-02-09	4.3	CVE-2020-13408 MISC
tufin — securetrack	Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 3 of 3)	2021-02-09	4.3	CVE-2020-13409 MISC
tufin — securetrack	Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.	2021-02-09	5	CVE-2020-13462 MISC
typora — typora	An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.	2021-02-05	4.3	CVE-2020-18737 MISC
zohocorp — manageengine_applications_manager	doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.	2021-02-05	6.5	CVE-2020-35765 MISC CONFIRM CONFIRM CONFIRM
zulip — zulip_desktop	Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.	2021-02-05	5	CVE-2020-10858 CONFIRM

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
b2evolution — b2evolution	Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.	2021-02-09	3.5	CVE-2020-22841 MISC MISC MISC
casap_automated_enrollment_system_project — casap_automated_enrollment_system	CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.	2021-02-09	3.5	CVE-2021-3294 MISC MISC MISC
dell — emc_powerscale_onefs	Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location.	2021-02-09	2.1	CVE-2020-26196 MISC
epikur — epikur	An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.	2021-02-05	2.1	CVE-2020-10538 MISC
epson — iprojection	In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. DeviceEMPNSAUIO and DosDevicesEMPNSAU are similarly affected.	2021-02-05	2.1	CVE-2020-9014 MISC MISC MISC
epson — iprojection	In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects DeviceEMPMPAUIO and DosDevicesEMPMPAU.	2021-02-05	2.1	CVE-2020-9453 MISC MISC MISC
gnome — control_center	A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.	2021-02-08	2.1	CVE-2020-14391 MISC
gnome — gnome-autoar	autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file’s parent is a symlink to a directory outside of the intended extraction location.	2021-02-05	2.1	CVE-2020-36241 MISC MISC
google — android	OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.	2021-02-06	2.1	CVE-2020-11836 MISC
henriquedornas — henriquedornas	A stored XSS issue exists in henriquedornas 5.2.17 via online live chat.	2021-02-10	3.5	CVE-2021-26938 MISC
huawei — ecns280_td_firmware	There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.	2021-02-06	1.9	CVE-2021-22300 CONFIRM
huawei — mate_30_firmware	There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service.	2021-02-06	2.1	CVE-2021-22305 CONFIRM
huawei — mate_30_firmware	There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service.	2021-02-06	2.1	CVE-2021-22306 CONFIRM
huawei — mate_30_firmware	There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module.	2021-02-06	2.1	CVE-2021-22307 CONFIRM
huawei — taurus-al00a_firmware	There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.	2021-02-06	2.1	CVE-2021-22304 CONFIRM
huawei — taurus-al00a_firmware	There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service.	2021-02-06	3.6	CVE-2021-22302 MISC
ibm — business_automation_workflow	IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188907.	2021-02-11	3.5	CVE-2020-4768 XF CONFIRM
ibm — powerha	IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.	2021-02-05	2.1	CVE-2020-4832 XF CONFIRM
ibm — security_identity_governance_and_intelligence	IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913.	2021-02-09	2.1	CVE-2020-4996 XF CONFIRM
ibm — security_identity_governance_and_intelligence	IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379.	2021-02-09	1.8	CVE-2020-4791 XF CONFIRM
ibm — security_identity_governance_and_intelligence	IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375.	2021-02-09	3.3	CVE-2020-4790 XF CONFIRM
ibm — security_verify_information_queue	IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.	2021-02-12	2.1	CVE-2021-20408 XF CONFIRM
ibm — security_verify_information_queue	IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.	2021-02-12	3.5	CVE-2021-20410 XF CONFIRM
mcafee — endpoint_security	A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.	2021-02-10	3.5	CVE-2021-23881 CONFIRM
mcafee — endpoint_security	Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade.	2021-02-10	1.9	CVE-2021-23882 CONFIRM
mcafee — endpoint_security	Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.	2021-02-10	2.1	CVE-2021-23880 CONFIRM
microfocus — application_performance_management	Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack.	2021-02-06	3.5	CVE-2021-22499 CONFIRM
netapp — clustered_data_ontap	Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.	2021-02-08	2.1	CVE-2020-8590 MISC
netapp — clustered_data_ontap	Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.	2021-02-08	2.1	CVE-2020-8578 MISC
netapp — oncommand_system_manager	OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs.	2021-02-08	2.1	CVE-2020-8587 MISC
newmediacompany — smarty	An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.	2021-02-05	2.1	CVE-2020-10375 MISC MISC
nvidia — geforce_experience	NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.	2021-02-05	3.6	CVE-2021-1072 CONFIRM
online_marriage_registration_system_project — online_marriage_registration_system	Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.	2021-02-08	3.5	CVE-2020-26052 MISC
openwrt — openwrt	In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP’s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.	2021-02-07	3.3	CVE-2021-22161 CONFIRM
otrs — survey	Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior versions.	2021-02-08	3.5	CVE-2021-21434 CONFIRM
psyprax — psyprax	An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%Psyprax32PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.	2021-02-05	2.1	CVE-2020-10553 MISC
qa-themes — q2a_ultimate_seo	Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.	2021-02-05	3.5	CVE-2021-3258 MISC MISC MISC
roundcube — roundcube	Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.	2021-02-09	3.5	CVE-2021-26925 CONFIRM MISC
secomea — gatemanager_8250_firmware	A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.	2021-02-08	3.5	CVE-2020-29021 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283)	2021-02-09	2.1	CVE-2020-28394 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207)	2021-02-09	3.6	CVE-2020-27007 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209)	2021-02-09	3.6	CVE-2020-27008 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163)	2021-02-09	3.6	CVE-2020-27004 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040)	2021-02-09	2.1	CVE-2020-26998 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042)	2021-02-09	2.1	CVE-2020-26999 MISC
siemens — jt2go	A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043)	2021-02-09	3.6	CVE-2020-27002 MISC
siemens — scalance_w780_firmware	A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time.	2021-02-09	3.3	CVE-2021-25666 MISC MISC
siemens — simatic_pcs_7	A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.	2021-02-09	2.1	CVE-2020-10048 MISC
smartfoxserver — smartfoxserver	An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.	2021-02-09	2.1	CVE-2021-26550 MISC MISC MISC MISC
telegram — telegram	Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.	2021-02-12	2.1	CVE-2021-27204 MISC MISC
telegram — telegram	Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.	2021-02-12	2.1	CVE-2021-27205 MISC MISC
tufin — securetrack	Username enumeration in present in Tufin SecureTrack. It’s affecting all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor’s response: “This attack requires access to the internal network. If an attacker is part of the internal network, they do not require access to TOS to know the usernames”.	2021-02-09	3.3	CVE-2020-13461 MISC

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
abb — ac500	An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.	2021-02-09	not yet calculated	CVE-2020-24685 CONFIRM
accusoft — imagegear	An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.	2021-02-10	not yet calculated	CVE-2020-13585 MISC
accusoft — imagegear	An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.	2021-02-10	not yet calculated	CVE-2020-13561 MISC
accusoft — imagegear	An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.	2021-02-10	not yet calculated	CVE-2020-13571 MISC
accusoft — imagegear	A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.	2021-02-10	not yet calculated	CVE-2020-13572 MISC
adobe — acrobat_reader_dc	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	not yet calculated	CVE-2021-21059 MISC
adobe — acrobat_reader_dc	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	not yet calculated	CVE-2021-21063 MISC
adobe — acrobat_reader_dc	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	not yet calculated	CVE-2021-21062 MISC
adobe — acrobat_reader_dc	Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	not yet calculated	CVE-2021-21058 MISC
adobe — animate	Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	not yet calculated	CVE-2021-21052 MISC
adobe — dreamweaver	Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.	2021-02-11	not yet calculated	CVE-2021-21055 MISC
adobe — illustrator	Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	not yet calculated	CVE-2021-21053 MISC
adobe — illustrator	Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	not yet calculated	CVE-2021-21054 MISC
adobe — photoshop	Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	not yet calculated	CVE-2021-21050 MISC
adobe — photoshop	Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted javascript file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	not yet calculated	CVE-2021-21051 MISC
adobe — photoshop	Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	not yet calculated	CVE-2021-21049 MISC
adobe — photoshop	Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file	2021-02-11	not yet calculated	CVE-2021-21048 MISC
adobe — photoshop	Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2021-02-11	not yet calculated	CVE-2021-21047 MISC
advantech — iview	Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.	2021-02-11	not yet calculated	CVE-2021-22652 MISC
apache — thrift	In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.	2021-02-12	not yet calculated	CVE-2020-13949 MISC
argo_cd — argo_cd	In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.	2021-02-09	not yet calculated	CVE-2021-26921 CONFIRM MISC
autotrace — autotrace	A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182.	2021-02-11	not yet calculated	CVE-2019-19005 MISC CONFIRM
autotrace — autotrace	A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.	2021-02-11	not yet calculated	CVE-2019-19004 MISC MISC CONFIRM
big-ip — big-ip	On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22978 MISC
big-ip — big-ip	On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22976 MISC
big-ip — big-ip	On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. A malicious, authenticated VPN user may abuse this to perform a DoS attack against the APM. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22985 MISC
big-ip — big-ip	On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22981 MISC
big-ip — big-ip	On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22979 MISC
big-ip — big-ip	On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22984 MISC
big-ip — big-ip	On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22982 MISC
big-ip — big-ip	On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22977 MISC
big-ip — big-ip	On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22975 MISC
big-ip — big-ip	On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22974 MISC
big-ip — big-ip	On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22973 MISC
big-ip — big-ip	On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22983 MISC
connman — connman	gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.	2021-02-09	not yet calculated	CVE-2021-26676 MISC CONFIRM CONFIRM CONFIRM MLIST DEBIAN MISC
connman — connman	A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.	2021-02-09	not yet calculated	CVE-2021-26675 MISC CONFIRM CONFIRM MLIST DEBIAN MISC
d-link — dap-1860_wifi_extenders	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894.	2021-02-12	not yet calculated	CVE-2020-27865 MISC MISC
d-link — dap-1860_wifi_extenders	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the Authorization request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10880.	2021-02-12	not yet calculated	CVE-2020-27864 MISC MISC
d-link — dva-2800_and_dsl-28888a_routers	This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10912.	2021-02-12	not yet calculated	CVE-2020-27863 MISC MISC
d-link — dva-2800_and_dsl-28888a_routers	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. When parsing the path parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-10911.	2021-02-12	not yet calculated	CVE-2020-27862 MISC MISC
elastic — apm	The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.	2021-02-10	not yet calculated	CVE-2021-22133 MISC
elasticsearch — elasticsearch	Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.	2021-02-10	not yet calculated	CVE-2020-7021 MISC
elecom — file_manager	Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.	2021-02-12	not yet calculated	CVE-2021-20651 MISC MISC
elecom — ld-ps/u1	Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.	2021-02-12	not yet calculated	CVE-2021-20643 MISC MISC
elecom — ncc-ewf100rmwh2	Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.	2021-02-12	not yet calculated	CVE-2021-20650 MISC MISC
elecom — wrc-1467ghbk-a	ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user’s web browser by displaying a specially crafted SSID on the web setup page.	2021-02-12	not yet calculated	CVE-2021-20644 MISC MISC
firejail — firejail	Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.	2021-02-08	not yet calculated	CVE-2021-26910 MLIST MISC MISC MLIST MISC MISC DEBIAN
fleet — fleet	Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live query is currently ongoing. We believe the impact of this vulnerability to be low given the requirement that the actor has a valid node key. There is no information disclosure, privilege escalation, or code execution. The issue is fixed in Fleet 3.7.0.	2021-02-10	not yet calculated	CVE-2021-21296 MISC CONFIRM MISC
fluent — fluent_bit	Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.	2021-02-10	not yet calculated	CVE-2021-27186 MISC MISC MISC
foxit — reader	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11727.	2021-02-12	not yet calculated	CVE-2020-27860 MISC MISC
ftp-srv — ftp-srv	ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user’s defined root folder using the expected FTP commands, for example, CWD and UPDR. When windows separators exist within the path (“), `path.resolve` leaves the upper pointers intact and allows the user to move beyond the root folder defined for that user. We did not take that into account when creating the path resolve function. The issue is patched in version 4.4.0 (commit 457b859450a37cba10ff3c431eb4aa67771122e3).	2021-02-10	not yet calculated	CVE-2020-26299 MISC MISC MISC MISC CONFIRM MISC
genivi — diagnostic_log_and_trace	The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.6 has a heap-based buffer overflow in dlt_buffer_write_block in shared/dlt_common.c.	2021-02-10	not yet calculated	CVE-2020-36244 MISC MISC
gnu_screen — gnu_screen	encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.	2021-02-09	not yet calculated	CVE-2021-26937 MLIST MISC MISC MISC
henriquedornas — henriquedornas	DISPUTED An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem.	2021-02-10	not yet calculated	CVE-2021-26939 MISC MISC
hewlett_packard — aruba	A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch’s management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.	2021-02-09	not yet calculated	CVE-2021-25141 MISC
hewlett_packard — moonshot_provisioning_manager	A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. Note: HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.	2021-02-09	not yet calculated	CVE-2021-25140 MISC
hewlett_packard — moonshot_provisioning_manager	A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a stack based buffer overflow using user supplied input to the `khuploadfile.cgi` CGI ELF. The stack based buffer overflow could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. Note: HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.	2021-02-09	not yet calculated	CVE-2021-25139 MISC
hirschmann — multiple_devices	Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).	2021-02-11	not yet calculated	CVE-2020-9307 CONFIRM MISC
hyper — hyper	hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can result in “request smuggling” or “desync attacks”. To determine if vulnerable, all these things must be true: 1) Using hyper as an HTTP server (the client is not affected), 2) Using HTTP/1.1 (HTTP/2 does not use transfer-encoding), 3) Using a vulnerable HTTP proxy upstream to hyper. If an upstream proxy correctly rejects the illegal transfer-encoding headers, the desync attack cannot succeed. If there is no proxy upstream of hyper, hyper cannot start the desync attack, as the client will repair the headers before forwarding. This is fixed in versions 0.14.3 and 0.13.10. As a workaround one can take the following options: 1) Reject requests that contain a `transfer-encoding` header, 2) Ensure any upstream proxy handles `transfer-encoding` correctly.	2021-02-11	not yet calculated	CVE-2021-21299 MISC MISC CONFIRM MISC MISC
idelji — web_viewpoint_suite	Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).	2021-02-09	not yet calculated	CVE-2021-22267 MISC MISC MISC
idelji — web_viewpoint_suite	Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H).	2021-02-09	not yet calculated	CVE-2021-3191 MISC CONFIRM MISC
inoerp — inoerp	In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.	2021-02-10	not yet calculated	CVE-2020-28870 MISC
issuer — issuer	An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued with a certain ‘amount’, and the issuedCount can be zero if there is an overflow.	2021-02-10	not yet calculated	CVE-2020-24838 MISC
lenovo — xclarity_administrator	An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.	2021-02-10	not yet calculated	CVE-2020-8355 CONFIRM
libzip — libzip	A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states “This use-after-free is triggered prior to the double free reported in CVE-2017-12858.”	2021-02-09	not yet calculated	CVE-2019-17582 MISC MISC MISC
linux — linux_kernel	Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (“ovl: stack file ops”). This was fixed in kernel version 5.8 by commits 56230d9 (“ovl: verify permissions in ovl_path_open()”), 48bd024 (“ovl: switch to mounter creds in readdir”) and 05acefb (“ovl: check permission to open real file”). Additionally, commits 130fdbc (“ovl: pass correct flags for opening real directory”) and 292f902 (“ovl: call secutiry hook in ovl_real_ioctl()”) in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (“ovl: do not fail because of O_NOATIMEi”) in kernel 5.11.	2021-02-10	not yet calculated	CVE-2020-16120 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU CONFIRM
logitec — lan-w300n/pr5b_devices	Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.	2021-02-12	not yet calculated	CVE-2021-20637 MISC MISC
logitec — lan-w300n/pr5b_devices	Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.	2021-02-12	not yet calculated	CVE-2021-20636 MISC MISC
logitec — lan-w300n/rs_devices	Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.	2021-02-12	not yet calculated	CVE-2021-20642 MISC MISC
logitec — lan-w300n/rs_devices	Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.	2021-02-12	not yet calculated	CVE-2021-20641 MISC MISC
logitec — lan-wh450n/gr_devices	Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.	2021-02-12	not yet calculated	CVE-2021-20635 MISC MISC
lucee — server	Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.	2021-02-11	not yet calculated	CVE-2021-21307 MISC MISC MISC MISC CONFIRM MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21025 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21016 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21027 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21032 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21018 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21031 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21019 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21015 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21014 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim’s browser. Exploitation of this issue requires user interaction.	2021-02-11	not yet calculated	CVE-2021-21030 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.	2021-02-11	not yet calculated	CVE-2021-21020 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21026 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21024 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim’s browser. Access to the admin console is required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21023 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Scripting vulnerability via ‘file’ parameter. Successful exploitation could lead to arbitrary JavaScript execution in the victim’s browser. Access to the admin console is required for successful exploitation.	2021-02-11	not yet calculated	CVE-2021-21029 MISC
magento — magento	Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.	2021-02-11	not yet calculated	CVE-2021-21022 MISC
mautic — mautic	A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).	2021-02-09	not yet calculated	CVE-2020-35125 MISC MISC MISC MISC
mcafee — enpoint_security	Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine	2021-02-10	not yet calculated	CVE-2021-23878 CONFIRM
mcafee — total_protection	Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.	2021-02-10	not yet calculated	CVE-2021-23873 CONFIRM MISC
mcafee — total_protection	Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.	2021-02-10	not yet calculated	CVE-2021-23876 CONFIRM
micrium — uc-http	A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.	2021-02-10	not yet calculated	CVE-2020-13583 MISC
micro_focus — operations_bridge_manager	Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server.	2021-02-12	not yet calculated	CVE-2021-22504 MISC
microsoft — edge_client	In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.	2021-02-12	not yet calculated	CVE-2021-22980 MISC
mongodb — ops_manager	For MongoDB Ops Manager 4.2.X with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager 4.4.X triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This issue is temporary and eventually corrects itself after MongoDB Ops Manager instances have finished upgrading to MongoDB Ops Manager 4.4. In addition, customers must be running with clientCertificateMode=OPTIONAL / allowConnectionsWithoutCertificates=true to be impacted.	2021-02-11	not yet calculated	CVE-2021-20335 MISC
monitorr — monitorr	Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.	2021-02-10	not yet calculated	CVE-2020-28871 MISC MISC
netgear — multiple_routers	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 firmware version 1.2.0.62_1.0.1 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.	2021-02-12	not yet calculated	CVE-2020-27867 MISC MISC
netgear — multiple_routers	This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 firmware version 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.	2021-02-12	not yet calculated	CVE-2020-27866 MISC MISC
netgear — orbi_2.5.1.16_routers	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.	2021-02-12	not yet calculated	CVE-2020-27861 MISC MISC
netty — netty	Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty’s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method “File.createTempFile” on unix-like systems creates a random file, but, by default will create this file with the permissions “-rw-r–r–“. Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty’s “AbstractDiskHttpData” is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own “java.io.tmpdir” when you start the JVM or use “DefaultHttpDataFactory.setBaseDir(…)” to set the directory to something that is only readable by the current user.	2021-02-08	not yet calculated	CVE-2021-21290 MISC CONFIRM MLIST
next.js — nextauth	NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the Email provider with the default database adapter are not impacted. Implementations using the Prisma database adapter but not using the Email provider are not impacted. The Prisma database adapter was checking the verification token, but was not verifying the email address associated with that token. This made it possible to use a valid token to sign in as another user when using the Prima adapter in conjunction with the Email provider. This issue is specific to the community supported Prisma adapter. This issue is fixed in version 3.3.0.	2021-02-11	not yet calculated	CVE-2021-21310 MISC CONFIRM MISC
node.js — node.js	The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion.	2021-02-11	not yet calculated	CVE-2021-27191 MISC MISC
oclean — mobile_application	Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.	2021-02-11	not yet calculated	CVE-2020-25493 MISC MISC MISC
openemr — openemr	An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability.	2021-02-10	not yet calculated	CVE-2020-13565 MISC
openvswitch — openvswitch	A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.	2021-02-11	not yet calculated	CVE-2020-35498 MISC MISC
openzfs — openzfs	An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.	2021-02-12	not yet calculated	CVE-2013-20001 MISC MISC
owncloud — owncloud	The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.	2021-02-09	not yet calculated	CVE-2020-28644 MISC
owncloud — owncloud	Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.	2021-02-09	not yet calculated	CVE-2020-28645 MISC
owncloud — owncloud	When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the files_antivirus component versions before 0.15.2 for ownCloud.	2021-02-09	not yet calculated	CVE-2020-16144 MISC
palo_alto_networks — prisma_cloud_compute	An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability.	2021-02-10	not yet calculated	CVE-2021-3033 MISC
peel_shopping — peel_shopping	A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 which is publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc.	2021-02-12	not yet calculated	CVE-2021-27190 MISC MISC MISC
pelco — digital_sentry_server	DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn’t check if it’s being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with “OBJECT classid=” and “<SCRIPT language=’vbscript’>”) to overwrite arbitrary files.	2021-02-12	not yet calculated	CVE-2021-27197 MISC MISC
pelco — digital_sentry_server	Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%Pelco directory) when DSControlPoint.exe is executed.	2021-02-11	not yet calculated	CVE-2021-27184 MISC MISC
podman — podman	A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	2021-02-11	not yet calculated	CVE-2021-20188 MISC
probot — probot	The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the “Send an image when a user joins the server” feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as .html.jpg) with the text/html content type. NOTE: there may not be cases in which an uploader web service is customer controlled; however, the nature of the issue has substantial interaction with customer controlled configuration.	2021-02-09	not yet calculated	CVE-2021-26918 MISC MISC
prusa — research_prusaslicer	An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.	2021-02-10	not yet calculated	CVE-2020-28595 MISC
prusa — research_prusaslicer	A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.	2021-02-10	not yet calculated	CVE-2020-28596 MISC
pybitmessage — pybitmessage	DISPUTED PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states “security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host.” NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker.	2021-02-08	not yet calculated	CVE-2021-26917 MISC MISC MISC MISC
pyyaml — pyyaml	A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.	2021-02-09	not yet calculated	CVE-2020-14343 MISC
qognify — ocularis	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-11257.	2021-02-12	not yet calculated	CVE-2020-27868 MISC MISC
redhat — keycloak	A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.	2021-02-11	not yet calculated	CVE-2020-10734 MISC MISC
redhat — keycloak	A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.	2021-02-11	not yet calculated	CVE-2020-1717 MISC MISC
replaysorcery — replaysorcery	The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations.	2021-02-10	not yet calculated	CVE-2021-26936 MISC MISC
ruby_on_rails — ruby_on_rails	The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain “allowed host” formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.	2021-02-11	not yet calculated	CVE-2021-22881 MISC MISC MISC
ruby_on_rails — ruby_on_rails	The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.	2021-02-11	not yet calculated	CVE-2021-22880 MISC MISC
rust — calamine_crate	An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.	2021-02-09	not yet calculated	CVE-2021-26951 MISC
rust — qwutils_crate	An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop.	2021-02-09	not yet calculated	CVE-2021-26954 MISC
rust — xcb_crate	An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type.	2021-02-09	not yet calculated	CVE-2021-26958 MISC
rust — xcb_crate	An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server.	2021-02-09	not yet calculated	CVE-2021-26955 MISC
rust — xcb_crate	An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value.	2021-02-09	not yet calculated	CVE-2021-26956 MISC
rust — xcb_crate	An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server.	2021-02-09	not yet calculated	CVE-2021-26957 MISC
rust– postscript_crate	An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation.	2021-02-09	not yet calculated	CVE-2021-26953 MISC
samba — samba	The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.	2021-02-10	not yet calculated	CVE-2021-27185 MISC MISC MISC
sap — business_objects_bi_platform	SAP Business Objects BI Platform, versions – 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.	2021-02-09	not yet calculated	CVE-2021-21444 MISC MISC
sap — commerce_cloud	SAP Commerce Cloud, versions – 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.	2021-02-09	not yet calculated	CVE-2021-21477 MISC MISC
sap — hana_database	SAP HANA Database, versions – 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.	2021-02-09	not yet calculated	CVE-2021-21474 MISC MISC
sap — master_data_management	Under specific circumstances SAP Master Data Management, versions – 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.	2021-02-09	not yet calculated	CVE-2021-21475 MISC MISC
sap — software_provisioning_manager	SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade.	2021-02-09	not yet calculated	CVE-2021-21472 MISC MISC
sap — u15	SAP UI5, versions – 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1, allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.	2021-02-09	not yet calculated	CVE-2021-21476 MISC MISC
sap — web_dynpro_abap	SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.	2021-02-09	not yet calculated	CVE-2021-21478 MISC MISC
scimono — scimono	In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.	2021-02-09	not yet calculated	CVE-2021-21479 CONFIRM
sinec — nms	A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as ‘Zip-Slip’. (ZDI-CAN-12054)	2021-02-09	not yet calculated	CVE-2020-25237 MISC MISC
smartfoxserver — smartfoxserver	An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user’s browser session in context of an affected site.	2021-02-09	not yet calculated	CVE-2021-26549 MISC MISC MISC MISC
smartfoxserver — smartfoxserver	An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.	2021-02-09	not yet calculated	CVE-2021-26551 MISC MISC MISC
softmaker — office_planmaker	In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability.	2021-02-10	not yet calculated	CVE-2020-27250 MISC
softmaker — office_textmaker	In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.	2021-02-10	not yet calculated	CVE-2020-13546 MISC
softmarker — office_planmaker	In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.	2021-02-10	not yet calculated	CVE-2020-13581 MISC
solarwinds — network_performance_monitor	This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804.	2021-02-12	not yet calculated	CVE-2020-27869 MISC
solarwinds — orion_platform	This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within VulnerabilitySettings.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11902.	2021-02-10	not yet calculated	CVE-2020-27871 N/A
solarwinds — orion_platform	This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11917.	2021-02-10	not yet calculated	CVE-2020-27870 N/A
sovremennye_delovye_teknologii — fx_aggregator	The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim’s account.	2021-02-12	not yet calculated	CVE-2021-27188 MISC MISC
sovremennye_delovye_teknologii — fx_aggregator	The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked.	2021-02-12	not yet calculated	CVE-2021-27187 MISC MISC
static-eval — static-eval	All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals. PoC: var evaluate = require(‘static-eval’); var parse = require(‘esprima’).parse; var src=”https://us-cert.cisa.gov(function (x) { return ${eval(“console.log(global.process.mainModule.constructor._load(‘child_process’).execSync(‘ls’).toString())”)} })()” var ast = parse(src).body[0].expression; evaluate(ast)	2021-02-11	not yet calculated	CVE-2021-23334 CONFIRM CONFIRM CONFIRM
suse — caas_platform	A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416.	2021-02-11	not yet calculated	CVE-2020-8029 CONFIRM
suse — caas_platform	A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.	2021-02-11	not yet calculated	CVE-2020-8030 CONFIRM
suse — linux_enterprise_server	A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.	2021-02-11	not yet calculated	CVE-2020-8027 CONFIRM
suse — open_build_service	A Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8.	2021-02-11	not yet calculated	CVE-2020-8031 CONFIRM
tencent — wechat	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM Decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11580.	2021-02-10	not yet calculated	CVE-2020-27874 N/A
teradici — cloud_access_connector	Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.	2021-02-11	not yet calculated	CVE-2020-13185 MISC
teradici — cloud_access_connector	An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.	2021-02-11	not yet calculated	CVE-2020-13186 MISC
teradici — pcoip	An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.	2021-02-11	not yet calculated	CVE-2021-25689 MISC
teradici — pcoip	A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.	2021-02-11	not yet calculated	CVE-2021-25690 MISC
teradici — pcoip	Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user’s password in the application logs.	2021-02-11	not yet calculated	CVE-2021-25688 MISC
tp-link — archer	In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.	2021-02-13	not yet calculated	CVE-2021-27209 MISC
tp-link — archer	TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.	2021-02-13	not yet calculated	CVE-2021-27210 MISC
trend_micro — security	The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program’s password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.	2021-02-10	not yet calculated	CVE-2021-25251 N/A
user-valid — user-valid	All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.	2021-02-11	not yet calculated	CVE-2021-23335 CONFIRM
vrana — adminer	Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.	2021-02-11	not yet calculated	CVE-2021-21311 MISC MISC CONFIRM MISC
vsphere — replication	vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.	2021-02-11	not yet calculated	CVE-2021-21976 MISC
wekan — wekan	Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named ‘Fieldbleed’ in the vendor’s site.	2021-02-10	not yet calculated	CVE-2021-20654 MISC MISC
wire — wire	Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn’t stopped in a scenario where a user first has their camera enabled and then disables it. It’s a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.	2021-02-11	not yet calculated	CVE-2021-21301 MISC MISC CONFIRM
xterm — xterm	xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.	2021-02-10	not yet calculated	CVE-2021-27135 MLIST MLIST MISC MISC
zcfees — zcfees	An integer underflow has been found in the latest version of ZCFees. The variables ‘currPeriodIdx’ and ‘lastPeriodExecIdx’ are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.	2021-02-10	not yet calculated	CVE-2020-24837 MISC

This product is provided subject to this Notification and this Privacy & Use policy.

Securing Your Data

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

Leave a Reply Cancel Reply

RebootTwice LLC

Helping Your Business Securely Build Success