Vulnerability Summary for the Week of February 1, 2021CISA All NCAS Products

Original release date: February 8, 2021

High Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

accel-ppp — accel-ppp
Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.
2021-02-01
7.5
CVE-2020-28194
MISC
MISC

adt — lifeshield_diy_hd_video_doorbell_firmware
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to execute commands on the device. This issue affects: ADT LifeShield DIY HD Video Doorbell version 1.0.02R09 and prior versions.
2021-02-02
8.3
CVE-2020-8101
CONFIRM

apache — druid
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
2021-01-29
9
CVE-2021-25646
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST

apache — shiro
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
2021-02-03
9
CVE-2020-17523
MISC

asus — rt-ax86u_firmware
ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.
2021-02-01
7.5
CVE-2020-36109
MISC

belkin — linksys_wrt160nl_firmware
** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
2021-02-02
9
CVE-2021-25310
MISC
MISC

bitovi — launchpad
All versions of package launchpad are vulnerable to Command Injection via stop.
2021-02-01
7.5
CVE-2021-23330
CONFIRM
CONFIRM
CONFIRM

cdr_project — cdr
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.
2021-01-29
7.5
CVE-2021-26305
MISC

cisco — rv016_multi-wan_vpn_router_firmware
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
2021-02-04
9
CVE-2021-1341
CISCO

cmswing — cmswing
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
2021-02-01
7.5
CVE-2020-20294
MISC

cmswing — cmswing
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
2021-02-01
7.5
CVE-2020-20296
MISC

cmswing — cmswing
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
2021-02-01
7.5
CVE-2020-20295
MISC

dlink — dns-320_firmware
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.
2021-02-02
7.5
CVE-2020-25506
MISC
MISC
MISC

dlink — dsr-250_firmware
The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.
2021-02-02
7.5
CVE-2020-18568
MISC
MISC

dotty_project — dotty
Prototype pollution vulnerability in ‘dotty’ versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.
2021-02-02
7.5
CVE-2021-25912
MISC
MISC

fortilogger — fortilogger
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a “Content-Type: image/png” header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
2021-02-01
7.5
CVE-2021-3378
MISC

gnupg — libgcrypt
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
2021-01-29
7.2
CVE-2021-3345
MISC
MISC
MISC
MISC
MISC

google — android
In kisd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449962.
2021-02-04
7.2
CVE-2021-0343
MISC

google — android
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).
2021-02-04
7.5
CVE-2021-26689
MISC

google — android
In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05349201.
2021-02-04
7.2
CVE-2021-0348
MISC

google — android
In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05362646.
2021-02-04
7.2
CVE-2021-0349
MISC

google — android
In mtkpower, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05437558.
2021-02-04
7.2
CVE-2021-0344
MISC

google — android
In wlan driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05412917.
2021-02-04
7.8
CVE-2021-0351
MISC

google — android
In vpu, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05371580.
2021-02-04
7.2
CVE-2021-0346
MISC

google — android
In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05432974.
2021-02-04
7.2
CVE-2021-0345
MISC

jetbrains — intellij_idea
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to code execution.
2021-02-03
7.5
CVE-2021-25758
MISC
MISC

jetbrains — youtrack
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
2021-02-03
7.5
CVE-2021-25770
MISC
MISC

kill-process-on-port_project — kill-process-on-port
All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.
2021-02-01
7.5
CVE-2020-28426
MISC

koa2-blog_project — koa2-blog
Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page.
2021-02-01
7.5
CVE-2020-21179
MISC

linux — linux_kernel
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
2021-01-29
7.2
CVE-2021-3347
MLIST
MLIST
MLIST
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
FEDORA
FEDORA
DEBIAN
MISC
MISC

mofinetwork — mofi4500-4gxelte_firmware
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.
2021-02-01
10
CVE-2020-15833
MISC
MISC

mofinetwork — mofi4500-4gxelte_firmware
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations.
2021-02-01
7.5
CVE-2020-13858
MISC
MISC

mofinetwork — mofi4500-4gxelte_firmware
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.
2021-02-01
10
CVE-2020-15835
MISC
MISC

mofinetwork — mofi4500-4gxelte_firmware
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.
2021-02-01
10
CVE-2020-15836
MISC
MISC

mofinetwork — mofi4500-4gxelte_firmware
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request.
2021-02-01
7.8
CVE-2020-13857
MISC
MISC

mofinetwork — mofi4500-4gxelte_firmware
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device.
2021-02-01
7.8
CVE-2020-15832
MISC
MISC

moxa — edr-g903_firmware
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.
2021-02-03
7.5
CVE-2020-28144
MISC

nic — foris
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.
2021-01-29
7.5
CVE-2021-3346
MISC
MISC
MISC

nim-lang — nim
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
2021-01-30
7.5
CVE-2020-15690
MLIST
MISC
MISC
CONFIRM
MISC

qnap — helpdesk
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to obtain control of a QNAP device. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
2021-02-03
7.5
CVE-2020-2506
CONFIRM

rainbowfishsoftware — pacsone_server
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
2021-02-03
7.5
CVE-2020-29165
MISC
MISC

rockoa — rockoa
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
2021-02-05
7.5
CVE-2020-18716
MISC

rockoa — rockoa
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php’s getdata function.
2021-02-05
7.5
CVE-2020-18714
MISC

rockoa — rockoa
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php
2021-02-05
7.5
CVE-2020-18713
MISC

solarwinds — serv-u
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.
2021-02-03
7.5
CVE-2020-35481
CONFIRM

terra-master — tos
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
2021-01-30
10
CVE-2020-15568
MISC
MISC

thinkjs — thinkjs
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.
2021-02-01
7.5
CVE-2020-21176
MISC
MISC

tk-star — q90_junior_gps_horloge_firmware
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.
2021-02-01
7.5
CVE-2019-20468
MISC
MISC

tk-star — q90_junior_gps_horloge_firmware
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.
2021-02-01
7.2
CVE-2019-20471
MISC
MISC

totaljs — total.js
This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some cases it is possible to achieve Denial of service (DoS), Remote Code Execution or Property Injection.
2021-02-02
7.5
CVE-2020-28495
MISC
MISC
MISC
MISC
MISC

totaljs — total.js
This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option shell set to true and because the type parameter is not properly sanitized.
2021-02-02
7.5
CVE-2020-28494
MISC
MISC

trendmicro — apex_one
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2021-02-04
7.2
CVE-2021-25249
N/A
N/A
N/A
N/A

ucopia — express_wireless_appliance
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client’s PHP call, a related issue to CVE-2017-11322.
2021-02-02
7.2
CVE-2020-25035
MISC
MISC

ucopia — ucopia_wireless_appliance
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.
2021-02-02
7.2
CVE-2020-25037
MISC
MISC

ucopia — ucopia_wireless_appliance
UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.
2021-02-02
9
CVE-2020-25036
MISC
MISC

windriver — vxworks
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block’s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
2021-02-03
7.5
CVE-2020-28895
MISC
MISC

wolfssl — wolfssl
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).
2021-01-29
7.5
CVE-2021-3336
MISC

yccms — yccms
Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function’s improper judgment of the request parameters, triggers remote code execution.
2021-02-01
7.5
CVE-2020-20287
MISC
MISC

yccms — yccms
Sql injection vulnerability in the yccms 3.3 project. The no_top function’s improper judgment of the request parameters, triggers a sql injection vulnerability.
2021-02-01
7.5
CVE-2020-20289
MISC
MISC

zohocorp — manageengine_opmanager
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
2021-02-03
7.5
CVE-2020-28653
CONFIRM
CONFIRM

Medium Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

acronis — true_image
Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.
2021-01-29
4.4
CVE-2020-35145
MISC
CONFIRM

adobe — adobe_consulting_services_commons
ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim’s browser. Exploitation of this issue requires user interaction in order to be successful.
2021-02-02
4.3
CVE-2021-21043
CONFIRM

apache — cassandra
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using ‘dc’ or ‘rack’ internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.
2021-02-03
4.3
CVE-2020-17516
CONFIRM

atlassian — crucible
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product’s SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.
2021-02-02
4
CVE-2020-14192
MISC
MISC

atlassian — jira
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.
2021-02-02
4
CVE-2020-36231
MISC

cisco — advanced_malware_protection
A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.
2021-01-30
6.9
CVE-2020-14418
MISC
MISC

ckeditor — ckeditor_5
CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.
2021-01-29
4
CVE-2021-21254
MISC
CONFIRM
MISC

cloudflare — warp
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service’s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.
2021-02-03
4.6
CVE-2020-35152
CONFIRM

delete_account_project — delete_account
deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter.
2021-02-01
4.3
CVE-2021-3350
MISC

dh2i — dxenterprise
A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.
2021-01-29
5
CVE-2021-3341
MISC

digium — asterisk
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.
2021-01-29
4
CVE-2020-35652
CONFIRM
CONFIRM
MISC
MISC

djangoproject — django
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by “startapp –template” and “startproject –template”) allows directory traversal via an archive with absolute paths or relative paths with dot segments.
2021-02-02
5
CVE-2021-3281
MISC
MISC
CONFIRM

easycms — easycms
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***.
2021-02-01
6.8
CVE-2020-24271
MISC

facebook — hermes
A stack overflow vulnerability in Facebook Hermes â€˜builtin applyâ€™ prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
2021-02-02
6.8
CVE-2020-1896
CONFIRM
CONFIRM

getadigital — nested-object-assign
The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.
2021-01-31
5
CVE-2021-23329
MISC
MISC

google — android
In netdiag, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442006.
2021-02-03
4.6
CVE-2021-0360
MISC

google — android
In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442022.
2021-02-03
4.6
CVE-2021-0358
MISC

google — android
In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442011.
2021-02-03
4.6
CVE-2021-0359
MISC

google — android
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05431161.
2021-02-03
4.6
CVE-2021-0354
MISC

google — android
In kisd, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425581.
2021-02-03
4.6
CVE-2021-0355
MISC

google — android
In kisd, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425247.
2021-02-03
4.6
CVE-2021-0353
MISC

google — android
In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05342338.
2021-02-04
4.9
CVE-2021-0350
MISC

google — android
In kisd, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449968.
2021-02-03
4.6
CVE-2021-0361
MISC

google — android
In aee, there is a possible memory corruption due to a stack buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457070.
2021-02-03
4.6
CVE-2021-0362
MISC

google — android
In mobile_log_d, there is a possible command injection due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05458478.
2021-02-03
4.6
CVE-2021-0363
MISC

google — android
In mobile_log_d, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05458478; Issue ID: ALPS05458503.
2021-02-03
4.6
CVE-2021-0364
MISC

hashicorp — nomad
HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.
2021-02-01
5
CVE-2021-3283
MISC

hashicorp — vault
HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
2021-02-01
5
CVE-2020-25594
MISC

hashicorp — vault
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
2021-02-01
5
CVE-2021-3024
MISC

hashicorp — vault
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
2021-02-01
5
CVE-2021-3282
MISC

hcltechsw — onetest_performance
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.
2021-02-04
6.4
CVE-2020-14247
MISC

hcltechsw — onetest_performance
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.
2021-02-04
5
CVE-2020-14246
MISC

hitachi — vantara_pentaho
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA
2021-01-29
4
CVE-2020-24665
MISC
MISC

ibm — api_connect
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840.
2021-02-04
4.3
CVE-2020-4826
XF
CONFIRM

ibm — api_connect
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.
2021-02-04
6.4
CVE-2020-4828
XF
CONFIRM

ibm — content_navigator
IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752.
2021-02-02
4
CVE-2020-4934
XF
CONFIRM

iniparserjs_project — iniparserjs
This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
2021-01-29
6.8
CVE-2021-23328
MISC
MISC

intel — m10jnp2sb_firmware
Improper input validation in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access.
2021-02-02
4.6
CVE-2020-8734
CONFIRM

iris — star
A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application.
2021-01-29
6.8
CVE-2020-28403
MISC
MISC

istio — istio
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).
2021-01-29
4
CVE-2019-25014
MISC
MISC

jetbrains — hub
In JetBrains Hub before 2020.1.12629, an open redirect was possible.
2021-02-03
5.8
CVE-2021-25757
MISC
MISC

jetbrains — hub
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
2021-02-03
5
CVE-2021-25760
MISC
MISC

jetbrains — intellij_idea
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.
2021-02-03
5
CVE-2021-25756
MISC
MISC

jetbrains — kotlin
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
2021-02-03
5
CVE-2020-29582
MISC
MISC

jetbrains — ktor
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
2021-02-03
5
CVE-2021-25763
MISC
MISC

jetbrains — teamcity
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
2021-02-03
4.3
CVE-2021-25773
MISC
MISC

jetbrains — teamcity
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
2021-02-03
5
CVE-2021-25778
MISC
MISC

jetbrains — teamcity
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
2021-02-03
5
CVE-2021-25777
MISC
MISC

jetbrains — teamcity
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build’s parameters.
2021-02-03
5
CVE-2021-25776
MISC
MISC

jetbrains — teamcity
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
2021-02-03
5
CVE-2021-25772
MISC
MISC

jetbrains — teamcity
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
2021-02-03
4
CVE-2021-25774
MISC
MISC

jetbrains — teamcity
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
2021-02-03
5
CVE-2020-35667
MISC
MISC

jetbrains — teamcity
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
2021-02-03
5.5
CVE-2021-25775
MISC
MISC

jetbrains — youtrack
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
2021-02-03
6.8
CVE-2021-25765
MISC
MISC

jetbrains — youtrack
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn’t able to access attachments.
2021-02-03
5
CVE-2021-25769
MISC
MISC

jetbrains — youtrack
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.
2021-02-03
5
CVE-2021-25768
MISC
MISC

jetbrains — youtrack
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
2021-02-03
5
CVE-2020-25208
MISC
MISC

jetbrains — youtrack
In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.
2021-02-03
5
CVE-2021-25771
MISC
MISC

jetbrains — youtrack
In JetBrains YouTrack before 2020.6.1767, an issue’s existence could be disclosed via YouTrack command execution.
2021-02-03
5
CVE-2021-25767
MISC
MISC

marc_project — marc
An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.
2021-01-29
5
CVE-2021-26308
MISC

mediawiki — mediawiki
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
2021-01-29
5
CVE-2020-29005
MISC
MISC

mediawiki — mediawiki
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
2021-01-29
6.8
CVE-2020-29004
MISC
CONFIRM
MISC

minio — minio
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform post requests towards internal services which are not intended to be exposed. This is fixed in version RELEASE.2021-01-30T00-20-58Z, all users are advised to upgrade. As a workaround you can disable the browser front-end with “MINIO_BROWSER=off” environment variable.
2021-02-01
4
CVE-2021-21287
MISC
MISC
MISC
CONFIRM

mit — krb5-appl
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
2021-02-02
5.8
CVE-2019-25017
MISC

mit — krb5-appl
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
2021-02-02
5
CVE-2019-25018
MISC

mitel — businesscti_enterprise
The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data.
2021-01-29
6
CVE-2021-3176
MISC
CONFIRM

mitel — micollab
A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.
2021-01-29
6.4
CVE-2020-35547
MISC
CONFIRM

mofinetwork — mofi4500-4gxelte_firmware
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes.
2021-02-01
5
CVE-2020-13856
MISC
MISC

mofinetwork — mofi4500-4gxelte_firmware
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI – OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature.
2021-02-01
5
CVE-2020-13859
MISC
MISC

mofinetwork — mofi4500-4gxelte_firmware
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface.
2021-02-01
5
CVE-2020-15834
MISC
MISC

mofinetwork — mofi4500-4gxelte_firmware
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password.
2021-02-01
5
CVE-2020-13860
MISC
MISC

monal — monal
Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim.
2021-02-01
5
CVE-2020-26547
MISC
CONFIRM

nagios — favorites
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
2021-02-03
5
CVE-2021-26024
CONFIRM

nagios — favorites
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.
2021-02-03
4.3
CVE-2021-26023
CONFIRM

openhab — openhab
openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity (XXE) attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from the file system. Responses to SSDP requests can be especially malicious. All add-ons that use SAX or JAXB parsing of externally received XML are potentially subject to this kind of attack. In openHAB, the following add-ons are potentially impacted: AvmFritz, BoseSoundtouch, DenonMarantz, DLinkSmarthome, Enigma2, FmiWeather, FSInternetRadio, Gce, Homematic, HPPrinter, IHC, Insteon, Onkyo, Roku, SamsungTV, Sonos, Roku, Tellstick, TR064, UPnPControl, Vitotronic, Wemo, YamahaReceiver and XPath Tranformation. The vulnerabilities have been fixed in versions 2.5.12 and 3.0.1 by a more strict configuration of the used XML parser.
2021-02-01
4
CVE-2021-21266
MISC
MISC
CONFIRM
MISC

palletsprojects — jinja
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDOS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
2021-02-01
5
CVE-2020-28493
MISC
MISC
MISC

phpgacl_project — phpgacl
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter.
2021-02-01
4.3
CVE-2020-13562
MISC

phpgacl_project — phpgacl
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter.
2021-02-01
4.3
CVE-2020-13564
MISC

phpgacl_project — phpgacl
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter.
2021-02-01
4.3
CVE-2020-13563
MISC

qemu — qemu
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.
2021-01-30
4.6
CVE-2020-17380
CONFIRM
CONFIRM

rainbowfishsoftware — pacsone_server
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
2021-02-03
4.3
CVE-2020-29164
MISC
MISC

rainbowfishsoftware — pacsone_server
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
2021-02-03
6.5
CVE-2020-29163
MISC
MISC

rainbowfishsoftware — pacsone_server
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.
2021-02-03
5
CVE-2020-29166
MISC
MISC

raw-cpuid_project — raw-cpuid
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.
2021-01-29
5
CVE-2021-26306
MISC

rsa — archer
Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks.
2021-01-29
4
CVE-2020-29538
CONFIRM
MISC

rsa — archer
Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.
2021-01-29
4.9
CVE-2020-29537
CONFIRM
MISC

rsa — archer
Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks.
2021-01-29
4
CVE-2020-29536
CONFIRM
MISC

solarwinds — serv-u
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
2021-02-03
6.5
CVE-2020-27994
CONFIRM
MISC

squaredup — squaredup
A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.
2021-02-03
4.3
CVE-2020-9389
CONFIRM

tk-star — q90_junior_gps_horloge_firmware
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a “Remove PIN and restart!” message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.
2021-02-01
4.6
CVE-2019-20473
MISC
MISC

tk-star — q90_junior_gps_horloge_firmware
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.
2021-02-01
5
CVE-2019-20470
MISC
MISC

trendmicro — apex_one
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.
2021-02-04
5
CVE-2021-25240
N/A
N/A
N/A
N/A

trendmicro — apex_one
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
2021-02-04
5
CVE-2021-25239
N/A
N/A
N/A
N/A

trendmicro — apex_one
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.
2021-02-04
6.4
CVE-2021-25246
N/A
N/A
N/A
N/A

trendmicro — apex_one
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.
2021-02-04
5
CVE-2021-25233
N/A
N/A
N/A
N/A

trendmicro — apex_one
An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.
2021-02-04
5
CVE-2021-25237
N/A
N/A

trendmicro — apex_one
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.
2021-02-04
5
CVE-2021-25232
N/A
N/A
N/A

trendmicro — apex_one
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.
2021-02-04
5
CVE-2021-25235
N/A
N/A
N/A

trendmicro — apex_one
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
2021-02-04
5
CVE-2021-25243
N/A
N/A
N/A
N/A

trendmicro — apex_one
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.
2021-02-04
5
CVE-2021-25234
N/A
N/A
N/A
N/A

trendmicro — apex_one
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
2021-02-04
5
CVE-2021-25242
N/A
N/A
N/A
N/A

trendmicro — apex_one
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.
2021-02-04
5
CVE-2021-25230
N/A
N/A
N/A

trendmicro — apex_one
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.
2021-02-04
5
CVE-2021-25231
N/A
N/A
N/A
N/A

trendmicro — apex_one
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.
2021-02-04
5
CVE-2021-25241
N/A
N/A
N/A

trendmicro — officescan
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent’s managing port.
2021-02-04
5
CVE-2021-25238
N/A
N/A
N/A

trendmicro — officescan
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.
2021-02-04
5
CVE-2021-25236
N/A
N/A
N/A

uip_project — uip
An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.
2021-02-02
5
CVE-2020-24335
MISC
MISC
MISC
MISC
MISC

wikindx_project — wikindx
A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php.
2021-02-01
4.3
CVE-2021-3340
MISC
MISC

wwbn — avideo
AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the pass hash and the recoverPass hash.
2021-02-01
6.5
CVE-2021-21286
MISC
CONFIRM

yccms — yccms
Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions’ improper judgment of the request parameters, triggers a directory traversal vulnerability.
2021-02-01
6.4
CVE-2020-20290
MISC

zivautomation — 4cct-ea6-334126bf_firmware
ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919.
2021-01-29
5
CVE-2021-25909
CONFIRM

Low Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

altn — mdaemon_webmail
Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.
2021-02-03
3.5
CVE-2020-18723
MISC
MISC

altn — mdaemon_webmail
Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list.
2021-02-03
3.5
CVE-2020-18724
MISC
MISC

google — android
In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05453809.
2021-02-03
2.1
CVE-2021-0352
MISC

google — android
In ccu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05377188.
2021-02-04
2.1
CVE-2021-0347
MISC

hitachi — vantara_pentaho
The dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘pho:title’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.
2021-01-29
3.5
CVE-2020-24664
MISC
MISC

hitachi — vantara_pentaho
The Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Display Name’ parameter. Remediated in >= 9.1.0.1
2021-01-29
3.5
CVE-2020-24666
MISC
MISC

hitachi — vantara_pentaho
The New Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Analysis Report Description’ field in ‘About this Report’ section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.
2021-01-29
3.5
CVE-2020-24669
MISC
MISC

hitachi — vantara_pentaho
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘type’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.
2021-01-29
3.5
CVE-2020-24670
MISC
MISC

ibm — api_connect
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.
2021-02-04
3.8
CVE-2020-4640
XF
CONFIRM

ibm — api_connect
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839.
2021-02-04
3.5
CVE-2020-4825
XF
CONFIRM

ibm — qradar_security_information_and_event_manager
IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178.
2021-02-04
3.3
CVE-2020-5032
XF
CONFIRM

linux — linux_kernel
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.
2021-02-01
2.1
CVE-2021-3348
MLIST
MISC
MISC

nextcloud — nextcloud_server
A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a ‘javascript:’ URL in markdown format.
2021-02-03
3.5
CVE-2020-8294
CONFIRM
CONFIRM

phpgurukul — daily_expense_tracker_system
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.
2021-01-29
3.5
CVE-2021-26304
MISC

pryaniki — pryaniki
A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment.
2021-02-02
3.5
CVE-2021-3395
MISC
MISC

raw-cpuid_project — raw-cpuid
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.
2021-01-29
2.1
CVE-2021-26307
MISC

rsa — archer
Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
2021-01-29
3.5
CVE-2020-29535
CONFIRM
MISC

solarwinds — serv-u
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
2021-02-03
3.5
CVE-2020-35482
CONFIRM

solarwinds — serv-u
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
2021-02-03
3.5
CVE-2020-28001
CONFIRM
MISC

squaredup — squaredup
SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script.
2021-02-03
3.5
CVE-2020-9390
CONFIRM

trendmicro — apex_one
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2021-02-04
2.1
CVE-2021-25248
N/A
N/A
N/A
N/A

zivautomation — 4cct-ea6-334126bf_firmware
Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.
2021-01-29
3.3
CVE-2021-25910
CONFIRM

Severity Not Yet Assigned

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

huawei — multiple_products
There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.
2021-02-06
not yet calculated
CVE-2021-22300
CONFIRM

allen-bradley — flex_io_1794-aent/b

An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
2021-02-04
not yet calculated
CVE-2020-6088
MISC

angular — angular

angular-expressions is “angular’s nicest part extracted as a standalone module for the browser and node”. In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call “expressions.compile(userControlledInput)” where “userControlledInput” is text that comes from user input. The security of the package could be bypassed by using a more complex payload, using a “.constructor.constructor” technique. In terms of impact: If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. This is fixed in version 1.1.2 of angular-expressions A temporary workaround might be either to disable user-controlled input that will be fed into angular-expressions in your application or allow only following characters in the userControlledInput.
2021-02-01
not yet calculated
CVE-2021-21277
MISC
MISC
CONFIRM
MISC

asuswrt — asus_rt-ax3000_firmware

Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.
2021-02-05
not yet calculated
CVE-2021-3229
MISC
MISC
MISC

bitcoin — core

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states “I believe that this vulnerability cannot actually be exploited.”
2021-02-04
not yet calculated
CVE-2021-3401
MISC
MISC

blaze — blaze

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. http4s provides a general “MaxActiveRequests” middleware mechanism for limiting open connections, but it is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. In 0.21.17, 0.22.0-M2, and 1.0.0-M14, a new “maxConnections” property, with a default value of 1024, has been added to the `BlazeServerBuilder`. Setting the value to a negative number restores unbounded behavior, but is strongly disrecommended. The NIO2 backend does not respect `maxConnections`. Its use is now deprecated in http4s-0.21, and the option is removed altogether starting in http4s-0.22. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xhv5-w9c5-2r2w.
2021-02-02
not yet calculated
CVE-2021-21294
MISC
MISC
CONFIRM

blaze — blaze

blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. The vast majority of affected users are using it as part of http4s-blaze-server <= 0.21.16. http4s provides a mechanism for limiting open connections, but is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. The issue is fixed in version 0.14.15 for “NIO1SocketServerGroup”. A “maxConnections” parameter is added, with a default value of 512. Concurrent connections beyond this limit are rejected. To run unbounded, which is not recommended, set a negative number. The “NIO2SocketServerGroup” has no such setting and is now deprecated. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xmw9-q7x9-j5qc.
2021-02-02
not yet calculated
CVE-2021-21293
MISC
CONFIRM
MISC

cisco — 8000_series_routers

A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device. The vulnerability is due to insufficient validation of command line arguments. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the prompt. A successful exploit could allow an attacker with low-level privileges to escalate their privilege level to root.
2021-02-04
not yet calculated
CVE-2021-1370
CISCO

cisco — ios_xr_software

A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests.
2021-02-04
not yet calculated
CVE-2021-1243
CISCO

cisco — ios_xr_software

A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition.
2021-02-04
not yet calculated
CVE-2021-1268
CISCO

cisco — ios_xr_software

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
2021-02-04
not yet calculated
CVE-2021-1288
CISCO

cisco — ios_xr_software

A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL.
2021-02-04
not yet calculated
CVE-2021-1389
CISCO

cisco — ios_xr_software

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user.
2021-02-04
not yet calculated
CVE-2021-1128
CISCO

cisco — managed_services_accelerator

A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could exploit this vulnerability by sending a flood of crafted API requests to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
2021-02-04
not yet calculated
CVE-2021-1266
CISCO

cisco — multiple_small_business_routers
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.
2021-02-04
not yet calculated
CVE-2021-1297
CISCO

cisco — multiple_small_business_routers
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
2021-02-04
not yet calculated
CVE-2021-1295
CISCO

cisco — multiple_small_business_routers
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
2021-02-04
not yet calculated
CVE-2021-1291
CISCO

cisco — multiple_small_business_routers
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
2021-02-04
not yet calculated
CVE-2021-1290
CISCO

cisco — multiple_small_business_routers

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.
2021-02-04
not yet calculated
CVE-2021-1315
CISCO

cisco — multiple_small_business_routers

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.
2021-02-04
not yet calculated
CVE-2021-1296
CISCO

cisco — multiple_small_business_routers

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
2021-02-04
not yet calculated
CVE-2021-1294
CISCO

cisco — multiple_small_business_routers

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
2021-02-04
not yet calculated
CVE-2021-1292
CISCO

cisco — multiple_small_business_routers

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
2021-02-04
not yet calculated
CVE-2021-1289
CISCO

cisco — multiple_small_business_routers

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
2021-02-04
not yet calculated
CVE-2021-1293
CISCO

cisco — network_convergence_system_540_series_routers

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
2021-02-04
not yet calculated
CVE-2021-1244
CISCO

cisco — unified_computing_system

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.
2021-02-04
not yet calculated
CVE-2021-1354
CISCO

cisco — webex_meetings_and_webex_meetings_server_software

A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link.
2021-02-04
not yet calculated
CVE-2021-1221
CISCO

clustered_data — ontap
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).
2021-02-03
not yet calculated
CVE-2020-8588
CONFIRM

clustered_data — ontap

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.
2021-02-03
not yet calculated
CVE-2020-8589
CONFIRM

com.squareup:connet — com.squareup:connet

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r–r– on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version.
2021-02-03
not yet calculated
CVE-2021-23331
CONFIRM
CONFIRM

docker — docker
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the –userns-remap option in which access to remapped root allows privilege escalation to real root. When using “–userns-remap”, if the root user in the remapped namespace has access to the host filesystem they can modify files under “/var/lib/docker/<remapping>” that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
2021-02-02
not yet calculated
CVE-2021-21284
MISC
MISC
MISC
MISC
CONFIRM

docker — docker
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
2021-02-02
not yet calculated
CVE-2021-21285
MISC
MISC
MISC
MISC
CONFIRM

eclipse — californium

In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS.
2021-02-03
not yet calculated
CVE-2020-27222
CONFIRM

electric_coin_company — zcashd

Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced.
2021-02-05
not yet calculated
CVE-2020-8806
MISC

electric_coin_company — zcashd

In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim’s address and an IP address, aka a timing side channel.
2021-02-05
not yet calculated
CVE-2020-8807
MISC

elliptic — elliptic

The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.
2021-02-02
not yet calculated
CVE-2020-28498
MISC
CONFIRM
CONFIRM
MISC

epikur — epikur

An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password’s MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a “Backdoor Password” of 3p1kursupport). If the submitted password matches either one, access is granted.
2021-02-05
not yet calculated
CVE-2020-10539
MISC

epikur — epikur

An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account.
2021-02-05
not yet calculated
CVE-2020-10537
MISC

epikur — epikur

An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.
2021-02-05
not yet calculated
CVE-2020-10538
MISC

epson — iprojection

In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. DeviceEMPNSAUIO and DosDevicesEMPNSAU are similarly affected.
2021-02-05
not yet calculated
CVE-2020-9014
MISC
MISC
MISC

epson — iprojection

In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects DeviceEMPMPAUIO and DosDevicesEMPMPAU.
2021-02-05
not yet calculated
CVE-2020-9453
MISC
MISC
MISC

freediskspace — freediskspace

This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js.
2021-02-02
not yet calculated
CVE-2020-7775
MISC

gitea — gitea

Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.
2021-02-05
not yet calculated
CVE-2021-3382
MISC

gnome — evolution

** DISPUTED ** GNOME Evolution through 3.38.3 produces a “Valid signature” message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior.
2021-02-01
not yet calculated
CVE-2021-3349
MISC
MISC
MISC

gnome — multiple_products

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file’s parent is a symlink to a directory outside of the intended extraction location.
2021-02-05
not yet calculated
CVE-2020-36241
MISC
MISC

harbor — harbor

In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.
2021-02-02
not yet calculated
CVE-2020-29662
MISC

hcl — digital_experience

HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.
2021-02-02
not yet calculated
CVE-2020-14255
CONFIRM

hcl — digital_experience

HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.
2021-02-02
not yet calculated
CVE-2020-14221
CONFIRM

hcl — digital_experience

In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
2021-02-02
not yet calculated
CVE-2020-4081
CONFIRM

hcl — onetest_ui

HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.
2021-02-04
not yet calculated
CVE-2020-14245
MISC

helm — helm

Helm is open-source software which is essentially “The Kubernetes Package Manager”. Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used “as is” without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.
2021-02-05
not yet calculated
CVE-2021-21303
MISC
MISC
CONFIRM

huawei — gauess100

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
2021-02-06
not yet calculated
CVE-2021-22298
CONFIRM

huawei — manageone

There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
2021-02-06
not yet calculated
CVE-2020-9205
CONFIRM

huawei — mate_30
There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module.
2021-02-06
not yet calculated
CVE-2021-22307
CONFIRM

huawei — mate_30

Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow.
2021-02-06
not yet calculated
CVE-2021-22301
CONFIRM

huawei — mate_30

There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service.
2021-02-06
not yet calculated
CVE-2021-22306
CONFIRM

huawei — mate_30

There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service.
2021-02-06
not yet calculated
CVE-2021-22305
CONFIRM

huawei — multiple_products

There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.
2021-02-06
not yet calculated
CVE-2021-22292
CONFIRM

huawei — multiple_products

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).
2021-02-06
not yet calculated
CVE-2021-22293
CONFIRM

huawei — multiple_products

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.
2021-02-06
not yet calculated
CVE-2021-22299
CONFIRM

huawei — sound_x_product

There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package’s integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).
2021-02-06
not yet calculated
CVE-2020-9118
CONFIRM

huawei — taurus-al00a_smartphones
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.
2021-02-06
not yet calculated
CVE-2021-22304
CONFIRM

huawei — taurus-al00a_smartphones

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service.
2021-02-06
not yet calculated
CVE-2021-22302
MISC

huawei — taurus-al00a_smartphones

There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service.
2021-02-06
not yet calculated
CVE-2021-22303
CONFIRM

ibm — powerha

IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.
2021-02-05
not yet calculated
CVE-2020-4832
XF
CONFIRM

imagemagik — magikcore/gem

A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56.
2021-02-06
not yet calculated
CVE-2021-20176
MISC

intel — bluez

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
2021-02-02
not yet calculated
CVE-2020-24490
CONFIRM

intel — celeron_processor_4000_series

Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.
2021-02-02
not yet calculated
CVE-2020-8672
CONFIRM

iobit — advanced_systemcare

The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. DosDevicesAscRegistryFilter and DeviceAscRegistryFilter are affected.
2021-02-05
not yet calculated
CVE-2020-10234
MISC
MISC
MISC

jenzabar — jenzabar

Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
2021-02-06
not yet calculated
CVE-2021-26723
MISC
MISC

jetbrains — code_with_me

In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic.
2021-02-03
not yet calculated
CVE-2021-25755
MISC
MISC

jetbrains — hub

In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
2021-02-03
not yet calculated
CVE-2021-25759
MISC
MISC

jetbrains — ktor

In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
2021-02-03
not yet calculated
CVE-2021-25761
MISC
MISC

jetbrains — ktor

In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
2021-02-03
not yet calculated
CVE-2021-25762
MISC
MISC

jetbrains — youtrack

In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
2021-02-03
not yet calculated
CVE-2021-25766
MISC
MISC

lg — multiple_mobile_devices

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).
2021-02-04
not yet calculated
CVE-2021-26687
MISC

lg — wing_mobile_devices

An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021).
2021-02-04
not yet calculated
CVE-2021-26688
MISC

linkedin — oncall

LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the “No results found for” message in the search bar.
2021-02-05
not yet calculated
CVE-2021-26722
MISC

linux — linux_kernel

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
2021-02-05
not yet calculated
CVE-2021-26708
MLIST
MISC
MISC
MISC

loklak — loklak

loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal to commit 5f48476, a path traversal vulnerability exists. Insufficient input validation in the APIs exposed by the loklak server allowed a directory traversal vulnerability. Any admin configuration and files readable by the app available on the hosted file system can be retrieved by the attacker. Furthermore, user-controlled content could be written to any admin config and files readable by the application. This has been patched in commit 50dd692. Users will need to upgrade their hosted instances of loklak to not be vulnerable to this exploit.
2021-02-02
not yet calculated
CVE-2020-15097
MISC
CONFIRM

max_secure — max_spyware_detector

In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)
2021-02-05
not yet calculated
CVE-2020-12122
MISC
MISC
MISC

mechanize — mechanize

Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes’ methods which implicitly use Ruby’s Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7.
2021-02-02
not yet calculated
CVE-2021-21289
MISC
MISC
CONFIRM
MISC

micro_focus — application_performance_management

Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack.
2021-02-06
not yet calculated
CVE-2021-22499
CONFIRM

micro_focus — application_performance_management

Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker’s choosing.
2021-02-06
not yet calculated
CVE-2021-22500
CONFIRM

nessus — ami

Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
2021-02-06
not yet calculated
CVE-2020-5812
MISC

netgear — r7450_routers

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.
2021-02-04
not yet calculated
CVE-2020-27873
N/A
N/A

netgear — r7450_routers

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.
2021-02-04
not yet calculated
CVE-2020-27872
N/A
N/A

new_media — smarty

An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.
2021-02-05
not yet calculated
CVE-2020-10375
MISC
MISC

npm — npm

This affects all versions of package decal. The vulnerability is in the extend function.
2021-02-04
not yet calculated
CVE-2020-28450
MISC
MISC
MISC

npm — npm

This affects all versions of package decal. The vulnerability is in the set function.
2021-02-04
not yet calculated
CVE-2020-28449
MISC
MISC
MISC

nvidia — geforce_experience

NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.
2021-02-05
not yet calculated
CVE-2021-1072
CONFIRM

oauth2_proxy — oauth2_proxy

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured for “.example.com”, the intention is that subdomains of example.com are allowed. Instead, “example.com” and “badexample.com” could also match. This is fixed in version 7.0.0 onwards. As a workaround, one can disable the whitelist domain feature and run separate OAuth2 Proxy instances for each subdomain.
2021-02-02
not yet calculated
CVE-2021-21291
MISC
MISC
CONFIRM
MISC

october — october

An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.
2021-02-05
not yet calculated
CVE-2021-3311
CONFIRM
MISC

opmantek — open-audit

Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
2021-02-05
not yet calculated
CVE-2021-3333
MISC

oppo — android_phone_with_mtk_chipset

OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.
2021-02-06
not yet calculated
CVE-2020-11836
MISC

pdf2json — pdf2json

Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file.
2021-02-05
not yet calculated
CVE-2020-18750
CONFIRM
MISC

podman — podman

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.
2021-02-02
not yet calculated
CVE-2021-20199
MISC
MISC
MISC
MISC

polr — polr

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users’ settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php.
2021-02-01
not yet calculated
CVE-2021-21276
MISC
MISC
CONFIRM

pretashop — opart_devis

An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user’s invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.
2021-02-04
not yet calculated
CVE-2020-16194
MISC

psyprax — psyprax

An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.
2021-02-05
not yet calculated
CVE-2020-10552
MISC

psyprax — psyprax

An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%Psyprax32PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.
2021-02-05
not yet calculated
CVE-2020-10553
MISC

psyprax — psyprax

An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.
2021-02-05
not yet calculated
CVE-2020-10554
MISC

question2answer — q2a

Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.
2021-02-05
not yet calculated
CVE-2021-3258
MISC
MISC
MISC

realtek — rtl8195a_wi-fi_module
The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network’s PSK.
2021-02-03
not yet calculated
CVE-2020-25857
CONFIRM

realtek — rtl8195a_wi-fi_module

The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this.
2021-02-03
not yet calculated
CVE-2020-25855
CONFIRM

realtek — rtl8195a_wi-fi_module

The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network’s PSK.
2021-02-03
not yet calculated
CVE-2020-25853
CONFIRM

realtek — rtl8195a_wi-fi_module

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this.
2021-02-03
not yet calculated
CVE-2020-25856
CONFIRM

realtek — rtl8195a_wi-fi_module

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this.
2021-02-03
not yet calculated
CVE-2020-25854
CONFIRM

red_hat — red_hat

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.
2021-02-06
not yet calculated
CVE-2020-14312
MISC

redwood — report2web

A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
2021-02-05
not yet calculated
CVE-2021-26710
MISC

redwood — report2web

A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.
2021-02-05
not yet calculated
CVE-2021-26711
MISC

softmaker — office_planmaker

An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.
2021-02-04
not yet calculated
CVE-2020-13579
MISC

softmaker — office_planmaker

A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
2021-02-04
not yet calculated
CVE-2020-13586
MISC

softmaker — office_planmaker

A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
2021-02-04
not yet calculated
CVE-2020-27249
MISC

softmaker — office_planmaker

A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
2021-02-04
not yet calculated
CVE-2020-27248
MISC

softmaker — office_planmaker

A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
2021-02-04
not yet calculated
CVE-2020-27247
MISC

softmaker — office_planmaker

An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.
2021-02-04
not yet calculated
CVE-2020-13580
MISC

solarwinds — orion_platform

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.
2021-02-03
not yet calculated
CVE-2021-25275
MISC

solarwinds — orion_platform

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn’t set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.
2021-02-03
not yet calculated
CVE-2021-25274
MISC

solarwinds — serv-u
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users’ password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server’s filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C: home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges.
2021-02-03
not yet calculated
CVE-2021-25276
MISC

sonicwall — sslvpn_sma100

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
2021-02-04
not yet calculated
CVE-2021-20016
CONFIRM

squaredup — squaredup

CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.
2021-02-03
not yet calculated
CVE-2020-9388
CONFIRM

tibco — ebx_web_server

The TIBCO EBX Web Server component of TIBCO Software Inc.’s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO EBX: versions 5.9.12 and below.
2021-02-02
not yet calculated
CVE-2021-23271
CONFIRM
CONFIRM

traccar — traccar

Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12.
2021-02-02
not yet calculated
CVE-2021-21292
MISC
CONFIRM
MISC

trend_micro — antivirus_for_mac_2021

Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability – i.e. the attacker must already have access to the target system (either legitimately or via another exploit).
2021-02-04
not yet calculated
CVE-2021-25227
N/A
N/A

trend_micro — apex_one

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.
2021-02-04
not yet calculated
CVE-2021-25229
N/A
N/A
N/A

trend_micro — apex_one

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
2021-02-04
not yet calculated
CVE-2021-25228
N/A
N/A
N/A
N/A

trend_micro — worry-free_business_security

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.
2021-02-04
not yet calculated
CVE-2021-25245
N/A
N/A

trend_micro — worry-free_business_security

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.
2021-02-04
not yet calculated
CVE-2021-25244
N/A
N/A

typora — typora

An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.
2021-02-05
not yet calculated
CVE-2020-18737
MISC

video_insight — vms

Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.
2021-02-05
not yet calculated
CVE-2021-20623
MISC
MISC

whatsapp — whatsapp

A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.
2021-02-02
not yet calculated
CVE-2020-1910
CONFIRM

wordpress — wordpress

Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
2021-02-05
not yet calculated
CVE-2021-20652
MISC
MISC

zoho — manageengine_applications_manager

doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
2021-02-05
not yet calculated
CVE-2020-35765
MISC
CONFIRM

zohocorp — manageengine_remote_access_plus

Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin – User Administration userMgmt.do?actionToCall=ShowUser screen.
2021-02-03
not yet calculated
CVE-2019-16268
MISC
CONFIRM

zulipchat — zulip_desktop

Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.
2021-02-05
not yet calculated
CVE-2020-10858
CONFIRM

zulipchat — zulip_desktop

Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
2021-02-05
not yet calculated
CVE-2020-10857
CONFIRM

zzzcms — zzzcms

SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.
2021-02-05
not yet calculated
CVE-2020-18717
MISC

This product is provided subject to this Notification and this Privacy & Use policy.Original release date: February 8, 2021

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
accel-ppp — accel-ppp	Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.	2021-02-01	7.5	CVE-2020-28194 MISC MISC
adt — lifeshield_diy_hd_video_doorbell_firmware	Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to execute commands on the device. This issue affects: ADT LifeShield DIY HD Video Doorbell version 1.0.02R09 and prior versions.	2021-02-02	8.3	CVE-2020-8101 CONFIRM
apache — druid	Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.	2021-01-29	9	CVE-2021-25646 MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MISC MLIST
apache — shiro	Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.	2021-02-03	9	CVE-2020-17523 MISC
asus — rt-ax86u_firmware	ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.	2021-02-01	7.5	CVE-2020-36109 MISC
belkin — linksys_wrt160nl_firmware	UNSUPPORTED WHEN ASSIGNED The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer	2021-02-02	9	CVE-2021-25310 MISC MISC
bitovi — launchpad	All versions of package launchpad are vulnerable to Command Injection via stop.	2021-02-01	7.5	CVE-2021-23330 CONFIRM CONFIRM CONFIRM
cdr_project — cdr	An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.	2021-01-29	7.5	CVE-2021-26305 MISC
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1341 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1337 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1338 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1339 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1340 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1347 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1343 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1344 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1345 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1346 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1335 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1348 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1336 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1342 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1334 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1324 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1333 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1319 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1320 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1321 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1322 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1323 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1325 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1326 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1327 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1328 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1329 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1330 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1331 CISCO
cisco — rv016_multi-wan_vpn_router_firmware	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.	2021-02-04	9	CVE-2021-1332 CISCO
cmswing — cmswing	An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.	2021-02-01	7.5	CVE-2020-20294 MISC
cmswing — cmswing	An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.	2021-02-01	7.5	CVE-2020-20296 MISC
cmswing — cmswing	An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.	2021-02-01	7.5	CVE-2020-20295 MISC
dlink — dns-320_firmware	D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.	2021-02-02	7.5	CVE-2020-25506 MISC MISC MISC
dlink — dsr-250_firmware	The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.	2021-02-02	7.5	CVE-2020-18568 MISC MISC
dotty_project — dotty	Prototype pollution vulnerability in ‘dotty’ versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.	2021-02-02	7.5	CVE-2021-25912 MISC MISC
fortilogger — fortilogger	FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a “Content-Type: image/png” header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.	2021-02-01	7.5	CVE-2021-3378 MISC
gnupg — libgcrypt	_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.	2021-01-29	7.2	CVE-2021-3345 MISC MISC MISC MISC MISC
google — android	In kisd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449962.	2021-02-04	7.2	CVE-2021-0343 MISC
google — android	An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).	2021-02-04	7.5	CVE-2021-26689 MISC
google — android	In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05349201.	2021-02-04	7.2	CVE-2021-0348 MISC
google — android	In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05362646.	2021-02-04	7.2	CVE-2021-0349 MISC
google — android	In mtkpower, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05437558.	2021-02-04	7.2	CVE-2021-0344 MISC
google — android	In wlan driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05412917.	2021-02-04	7.8	CVE-2021-0351 MISC
google — android	In vpu, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05371580.	2021-02-04	7.2	CVE-2021-0346 MISC
google — android	In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05432974.	2021-02-04	7.2	CVE-2021-0345 MISC
jetbrains — intellij_idea	In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to code execution.	2021-02-03	7.5	CVE-2021-25758 MISC MISC
jetbrains — youtrack	In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.	2021-02-03	7.5	CVE-2021-25770 MISC MISC
kill-process-on-port_project — kill-process-on-port	All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.	2021-02-01	7.5	CVE-2020-28426 MISC
koa2-blog_project — koa2-blog	Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page.	2021-02-01	7.5	CVE-2020-21179 MISC
koa2-blog_project — koa2-blog	Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page.	2021-02-01	7.5	CVE-2020-21180 MISC
linux — linux_kernel	An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.	2021-01-29	7.2	CVE-2021-3347 MLIST MLIST MLIST MISC MISC MISC MISC MISC MISC MISC MISC FEDORA FEDORA DEBIAN MISC MISC
mofinetwork — mofi4500-4gxelte_firmware	An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.	2021-02-01	10	CVE-2020-15833 MISC MISC
mofinetwork — mofi4500-4gxelte_firmware	An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations.	2021-02-01	7.5	CVE-2020-13858 MISC MISC
mofinetwork — mofi4500-4gxelte_firmware	An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.	2021-02-01	10	CVE-2020-15835 MISC MISC
mofinetwork — mofi4500-4gxelte_firmware	An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.	2021-02-01	10	CVE-2020-15836 MISC MISC
mofinetwork — mofi4500-4gxelte_firmware	An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request.	2021-02-01	7.8	CVE-2020-13857 MISC MISC
mofinetwork — mofi4500-4gxelte_firmware	An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device.	2021-02-01	7.8	CVE-2020-15832 MISC MISC
moxa — edr-g903_firmware	Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.	2021-02-03	7.5	CVE-2020-28144 MISC
nic — foris	Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.	2021-01-29	7.5	CVE-2021-3346 MISC MISC MISC
nim-lang — nim	In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.	2021-01-30	7.5	CVE-2020-15690 MLIST MISC MISC CONFIRM MISC
qnap — helpdesk	The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to obtain control of a QNAP device. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.	2021-02-03	7.5	CVE-2020-2506 CONFIRM
qnap — helpdesk	The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to obtain control of a QNAP device. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.	2021-02-03	7.5	CVE-2020-2507 CONFIRM
rainbowfishsoftware — pacsone_server	PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.	2021-02-03	7.5	CVE-2020-29165 MISC MISC
rockoa — rockoa	SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.	2021-02-05	7.5	CVE-2020-18716 MISC
rockoa — rockoa	SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php’s getdata function.	2021-02-05	7.5	CVE-2020-18714 MISC
rockoa — rockoa	SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php	2021-02-05	7.5	CVE-2020-18713 MISC
solarwinds — serv-u	SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.	2021-02-03	7.5	CVE-2020-35481 CONFIRM
terra-master — tos	TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.	2021-01-30	10	CVE-2020-15568 MISC MISC
thinkjs — thinkjs	SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.	2021-02-01	7.5	CVE-2020-21176 MISC MISC
tk-star — q90_junior_gps_horloge_firmware	An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.	2021-02-01	7.5	CVE-2019-20468 MISC MISC
tk-star — q90_junior_gps_horloge_firmware	An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.	2021-02-01	7.2	CVE-2019-20471 MISC MISC
totaljs — total.js	This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some cases it is possible to achieve Denial of service (DoS), Remote Code Execution or Property Injection.	2021-02-02	7.5	CVE-2020-28495 MISC MISC MISC MISC MISC
totaljs — total.js	This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option shell set to true and because the type parameter is not properly sanitized.	2021-02-02	7.5	CVE-2020-28494 MISC MISC
trendmicro — apex_one	An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	2021-02-04	7.2	CVE-2021-25249 N/A N/A N/A N/A
ucopia — express_wireless_appliance	UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client’s PHP call, a related issue to CVE-2017-11322.	2021-02-02	7.2	CVE-2020-25035 MISC MISC
ucopia — ucopia_wireless_appliance	UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.	2021-02-02	7.2	CVE-2020-25037 MISC MISC
ucopia — ucopia_wireless_appliance	UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.	2021-02-02	9	CVE-2020-25036 MISC MISC
windriver — vxworks	In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block’s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.	2021-02-03	7.5	CVE-2020-28895 MISC MISC
wolfssl — wolfssl	DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).	2021-01-29	7.5	CVE-2021-3336 MISC
yccms — yccms	Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function’s improper judgment of the request parameters, triggers remote code execution.	2021-02-01	7.5	CVE-2020-20287 MISC MISC
yccms — yccms	Sql injection vulnerability in the yccms 3.3 project. The no_top function’s improper judgment of the request parameters, triggers a sql injection vulnerability.	2021-02-01	7.5	CVE-2020-20289 MISC MISC
zohocorp — manageengine_opmanager	Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.	2021-02-03	7.5	CVE-2020-28653 CONFIRM CONFIRM

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
acronis — true_image	Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.	2021-01-29	4.4	CVE-2020-35145 MISC CONFIRM
adobe — adobe_consulting_services_commons	ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim’s browser. Exploitation of this issue requires user interaction in order to be successful.	2021-02-02	4.3	CVE-2021-21043 CONFIRM
apache — cassandra	Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using ‘dc’ or ‘rack’ internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.	2021-02-03	4.3	CVE-2020-17516 CONFIRM
atlassian — crucible	Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product’s SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.	2021-02-02	4	CVE-2020-14192 MISC MISC
atlassian — jira	Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.	2021-02-02	4	CVE-2020-36231 MISC
cisco — advanced_malware_protection	A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.	2021-01-30	6.9	CVE-2020-14418 MISC MISC
ckeditor — ckeditor_5	CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.	2021-01-29	4	CVE-2021-21254 MISC CONFIRM MISC
cloudflare — warp	Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service’s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.	2021-02-03	4.6	CVE-2020-35152 CONFIRM
delete_account_project — delete_account	deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter.	2021-02-01	4.3	CVE-2021-3350 MISC
dh2i — dxenterprise	A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.	2021-01-29	5	CVE-2021-3341 MISC
digium — asterisk	An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.	2021-01-29	4	CVE-2020-35652 CONFIRM CONFIRM MISC MISC
djangoproject — django	In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by “startapp –template” and “startproject –template”) allows directory traversal via an archive with absolute paths or relative paths with dot segments.	2021-02-02	5	CVE-2021-3281 MISC MISC CONFIRM
easycms — easycms	A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=*&password=*.	2021-02-01	6.8	CVE-2020-24271 MISC
facebook — hermes	A stack overflow vulnerability in Facebook Hermes â€˜builtin applyâ€™ prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.	2021-02-02	6.8	CVE-2020-1896 CONFIRM CONFIRM
getadigital — nested-object-assign	The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.	2021-01-31	5	CVE-2021-23329 MISC MISC
google — android	In netdiag, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442006.	2021-02-03	4.6	CVE-2021-0360 MISC
google — android	In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442022.	2021-02-03	4.6	CVE-2021-0358 MISC
google — android	In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442011.	2021-02-03	4.6	CVE-2021-0359 MISC
google — android	In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05431161.	2021-02-03	4.6	CVE-2021-0354 MISC
google — android	In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442002.	2021-02-03	4.6	CVE-2021-0357 MISC
google — android	In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442014.	2021-02-03	4.6	CVE-2021-0356 MISC
google — android	In kisd, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425581.	2021-02-03	4.6	CVE-2021-0355 MISC
google — android	In kisd, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425247.	2021-02-03	4.6	CVE-2021-0353 MISC
google — android	In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05342338.	2021-02-04	4.9	CVE-2021-0350 MISC
google — android	In kisd, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449968.	2021-02-03	4.6	CVE-2021-0361 MISC
google — android	In aee, there is a possible memory corruption due to a stack buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457070.	2021-02-03	4.6	CVE-2021-0362 MISC
google — android	In mobile_log_d, there is a possible command injection due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05458478.	2021-02-03	4.6	CVE-2021-0363 MISC
google — android	In mobile_log_d, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05458478; Issue ID: ALPS05458503.	2021-02-03	4.6	CVE-2021-0364 MISC
google — android	In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05454782.	2021-02-03	4.6	CVE-2021-0365 MISC
hashicorp — nomad	HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.	2021-02-01	5	CVE-2021-3283 MISC
hashicorp — vault	HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.	2021-02-01	5	CVE-2020-25594 MISC
hashicorp — vault	HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.	2021-02-01	5	CVE-2021-3024 MISC
hashicorp — vault	HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.	2021-02-01	5	CVE-2021-3282 MISC
hcltechsw — onetest_performance	HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.	2021-02-04	6.4	CVE-2020-14247 MISC
hcltechsw — onetest_performance	HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.	2021-02-04	5	CVE-2020-14246 MISC
hitachi — vantara_pentaho	The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA	2021-01-29	4	CVE-2020-24665 MISC MISC
ibm — api_connect	IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840.	2021-02-04	4.3	CVE-2020-4826 XF CONFIRM
ibm — api_connect	IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841.	2021-02-04	4.3	CVE-2020-4827 XF CONFIRM
ibm — api_connect	IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.	2021-02-04	6.4	CVE-2020-4828 XF CONFIRM
ibm — content_navigator	IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752.	2021-02-02	4	CVE-2020-4934 XF CONFIRM
iniparserjs_project — iniparserjs	This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.	2021-01-29	6.8	CVE-2021-23328 MISC MISC
intel — m10jnp2sb_firmware	Improper input validation in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access.	2021-02-02	4.6	CVE-2020-8734 CONFIRM
iris — star	A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application.	2021-01-29	6.8	CVE-2020-28403 MISC MISC
istio — istio	A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).	2021-01-29	4	CVE-2019-25014 MISC MISC
jetbrains — hub	In JetBrains Hub before 2020.1.12629, an open redirect was possible.	2021-02-03	5.8	CVE-2021-25757 MISC MISC
jetbrains — hub	In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.	2021-02-03	5	CVE-2021-25760 MISC MISC
jetbrains — intellij_idea	In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.	2021-02-03	5	CVE-2021-25756 MISC MISC
jetbrains — kotlin	In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.	2021-02-03	5	CVE-2020-29582 MISC MISC
jetbrains — ktor	In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.	2021-02-03	5	CVE-2021-25763 MISC MISC
jetbrains — teamcity	JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.	2021-02-03	4.3	CVE-2021-25773 MISC MISC
jetbrains — teamcity	In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.	2021-02-03	5	CVE-2021-25778 MISC MISC
jetbrains — teamcity	In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.	2021-02-03	5	CVE-2021-25777 MISC MISC
jetbrains — teamcity	In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build’s parameters.	2021-02-03	5	CVE-2021-25776 MISC MISC
jetbrains — teamcity	In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.	2021-02-03	5	CVE-2021-25772 MISC MISC
jetbrains — teamcity	In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.	2021-02-03	4	CVE-2021-25774 MISC MISC
jetbrains — teamcity	JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.	2021-02-03	5	CVE-2020-35667 MISC MISC
jetbrains — teamcity	In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.	2021-02-03	5.5	CVE-2021-25775 MISC MISC
jetbrains — youtrack	In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.	2021-02-03	6.8	CVE-2021-25765 MISC MISC
jetbrains — youtrack	In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn’t able to access attachments.	2021-02-03	5	CVE-2021-25769 MISC MISC
jetbrains — youtrack	In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.	2021-02-03	5	CVE-2021-25768 MISC MISC
jetbrains — youtrack	In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.	2021-02-03	5	CVE-2020-25208 MISC MISC
jetbrains — youtrack	In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.	2021-02-03	5	CVE-2021-25771 MISC MISC
jetbrains — youtrack	In JetBrains YouTrack before 2020.6.1767, an issue’s existence could be disclosed via YouTrack command execution.	2021-02-03	5	CVE-2021-25767 MISC MISC
marc_project — marc	An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.	2021-01-29	5	CVE-2021-26308 MISC
mediawiki — mediawiki	The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.	2021-01-29	5	CVE-2020-29005 MISC MISC
mediawiki — mediawiki	The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.	2021-01-29	6.8	CVE-2020-29004 MISC CONFIRM MISC
minio — minio	MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform post requests towards internal services which are not intended to be exposed. This is fixed in version RELEASE.2021-01-30T00-20-58Z, all users are advised to upgrade. As a workaround you can disable the browser front-end with “MINIO_BROWSER=off” environment variable.	2021-02-01	4	CVE-2021-21287 MISC MISC MISC CONFIRM
mit — krb5-appl	An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.	2021-02-02	5.8	CVE-2019-25017 MISC
mit — krb5-appl	In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.	2021-02-02	5	CVE-2019-25018 MISC
mitel — businesscti_enterprise	The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data.	2021-01-29	6	CVE-2021-3176 MISC CONFIRM
mitel — micollab	A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.	2021-01-29	6.4	CVE-2020-35547 MISC CONFIRM
mofinetwork — mofi4500-4gxelte_firmware	An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes.	2021-02-01	5	CVE-2020-13856 MISC MISC
mofinetwork — mofi4500-4gxelte_firmware	An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI – OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature.	2021-02-01	5	CVE-2020-13859 MISC MISC
mofinetwork — mofi4500-4gxelte_firmware	An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface.	2021-02-01	5	CVE-2020-15834 MISC MISC
mofinetwork — mofi4500-4gxelte_firmware	An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password.	2021-02-01	5	CVE-2020-13860 MISC MISC
monal — monal	Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim.	2021-02-01	5	CVE-2020-26547 MISC CONFIRM
nagios — favorites	The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.	2021-02-03	5	CVE-2021-26024 CONFIRM
nagios — favorites	The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.	2021-02-03	4.3	CVE-2021-26023 CONFIRM
openhab — openhab	openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity (XXE) attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from the file system. Responses to SSDP requests can be especially malicious. All add-ons that use SAX or JAXB parsing of externally received XML are potentially subject to this kind of attack. In openHAB, the following add-ons are potentially impacted: AvmFritz, BoseSoundtouch, DenonMarantz, DLinkSmarthome, Enigma2, FmiWeather, FSInternetRadio, Gce, Homematic, HPPrinter, IHC, Insteon, Onkyo, Roku, SamsungTV, Sonos, Roku, Tellstick, TR064, UPnPControl, Vitotronic, Wemo, YamahaReceiver and XPath Tranformation. The vulnerabilities have been fixed in versions 2.5.12 and 3.0.1 by a more strict configuration of the used XML parser.	2021-02-01	4	CVE-2021-21266 MISC MISC CONFIRM MISC
palletsprojects — jinja	This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDOS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.	2021-02-01	5	CVE-2020-28493 MISC MISC MISC
phpgacl_project — phpgacl	A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter.	2021-02-01	4.3	CVE-2020-13562 MISC
phpgacl_project — phpgacl	A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter.	2021-02-01	4.3	CVE-2020-13564 MISC
phpgacl_project — phpgacl	A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter.	2021-02-01	4.3	CVE-2020-13563 MISC
qemu — qemu	A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.	2021-01-30	4.6	CVE-2020-17380 CONFIRM CONFIRM
rainbowfishsoftware — pacsone_server	PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).	2021-02-03	4.3	CVE-2020-29164 MISC MISC
rainbowfishsoftware — pacsone_server	PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.	2021-02-03	6.5	CVE-2020-29163 MISC MISC
rainbowfishsoftware — pacsone_server	PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.	2021-02-03	5	CVE-2020-29166 MISC MISC
raw-cpuid_project — raw-cpuid	An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.	2021-01-29	5	CVE-2021-26306 MISC
rsa — archer	Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks.	2021-01-29	4	CVE-2020-29538 CONFIRM MISC
rsa — archer	Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.	2021-01-29	4.9	CVE-2020-29537 CONFIRM MISC
rsa — archer	Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks.	2021-01-29	4	CVE-2020-29536 CONFIRM MISC
solarwinds — serv-u	SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.	2021-02-03	6.5	CVE-2020-27994 CONFIRM MISC
squaredup — squaredup	A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.	2021-02-03	4.3	CVE-2020-9389 CONFIRM
tk-star — q90_junior_gps_horloge_firmware	An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a “Remove PIN and restart!” message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.	2021-02-01	4.6	CVE-2019-20473 MISC MISC
tk-star — q90_junior_gps_horloge_firmware	An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.	2021-02-01	5	CVE-2019-20470 MISC MISC
trendmicro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.	2021-02-04	5	CVE-2021-25240 N/A N/A N/A N/A
trendmicro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.	2021-02-04	5	CVE-2021-25239 N/A N/A N/A N/A
trendmicro — apex_one	An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.	2021-02-04	6.4	CVE-2021-25246 N/A N/A N/A N/A
trendmicro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.	2021-02-04	5	CVE-2021-25233 N/A N/A N/A N/A
trendmicro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.	2021-02-04	5	CVE-2021-25237 N/A N/A
trendmicro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.	2021-02-04	5	CVE-2021-25232 N/A N/A N/A
trendmicro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.	2021-02-04	5	CVE-2021-25235 N/A N/A N/A
trendmicro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.	2021-02-04	5	CVE-2021-25243 N/A N/A N/A N/A
trendmicro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.	2021-02-04	5	CVE-2021-25234 N/A N/A N/A N/A
trendmicro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.	2021-02-04	5	CVE-2021-25242 N/A N/A N/A N/A
trendmicro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.	2021-02-04	5	CVE-2021-25230 N/A N/A N/A
trendmicro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.	2021-02-04	5	CVE-2021-25231 N/A N/A N/A N/A
trendmicro — apex_one	A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.	2021-02-04	5	CVE-2021-25241 N/A N/A N/A
trendmicro — officescan	An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent’s managing port.	2021-02-04	5	CVE-2021-25238 N/A N/A N/A
trendmicro — officescan	A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.	2021-02-04	5	CVE-2021-25236 N/A N/A N/A
uip_project — uip	An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.	2021-02-02	5	CVE-2020-24335 MISC MISC MISC MISC MISC
wikindx_project — wikindx	A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php.	2021-02-01	4.3	CVE-2021-3340 MISC MISC
wwbn — avideo	AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the pass hash and the recoverPass hash.	2021-02-01	6.5	CVE-2021-21286 MISC CONFIRM
yccms — yccms	Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions’ improper judgment of the request parameters, triggers a directory traversal vulnerability.	2021-02-01	6.4	CVE-2020-20290 MISC
zivautomation — 4cct-ea6-334126bf_firmware	ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919.	2021-01-29	5	CVE-2021-25909 CONFIRM

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
altn — mdaemon_webmail	Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.	2021-02-03	3.5	CVE-2020-18723 MISC MISC
altn — mdaemon_webmail	Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list.	2021-02-03	3.5	CVE-2020-18724 MISC MISC
google — android	In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05453809.	2021-02-03	2.1	CVE-2021-0352 MISC
google — android	In ccu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05377188.	2021-02-04	2.1	CVE-2021-0347 MISC
hitachi — vantara_pentaho	The dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘pho:title’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.	2021-01-29	3.5	CVE-2020-24664 MISC MISC
hitachi — vantara_pentaho	The Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Display Name’ parameter. Remediated in >= 9.1.0.1	2021-01-29	3.5	CVE-2020-24666 MISC MISC
hitachi — vantara_pentaho	The New Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Analysis Report Description’ field in ‘About this Report’ section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.	2021-01-29	3.5	CVE-2020-24669 MISC MISC
hitachi — vantara_pentaho	The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘type’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.	2021-01-29	3.5	CVE-2020-24670 MISC MISC
ibm — api_connect	Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.	2021-02-04	3.8	CVE-2020-4640 XF CONFIRM
ibm — api_connect	IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839.	2021-02-04	3.5	CVE-2020-4825 XF CONFIRM
ibm — qradar_security_information_and_event_manager	IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178.	2021-02-04	3.3	CVE-2020-5032 XF CONFIRM
linux — linux_kernel	nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.	2021-02-01	2.1	CVE-2021-3348 MLIST MISC MISC
nextcloud — nextcloud_server	A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a ‘javascript:’ URL in markdown format.	2021-02-03	3.5	CVE-2020-8294 CONFIRM CONFIRM
phpgurukul — daily_expense_tracker_system	PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.	2021-01-29	3.5	CVE-2021-26304 MISC
pryaniki — pryaniki	A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment.	2021-02-02	3.5	CVE-2021-3395 MISC MISC
raw-cpuid_project — raw-cpuid	An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.	2021-01-29	2.1	CVE-2021-26307 MISC
rsa — archer	Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.	2021-01-29	3.5	CVE-2020-29535 CONFIRM MISC
solarwinds — serv-u	SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.	2021-02-03	3.5	CVE-2020-35482 CONFIRM
solarwinds — serv-u	SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.	2021-02-03	3.5	CVE-2020-28001 CONFIRM MISC
squaredup — squaredup	SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script.	2021-02-03	3.5	CVE-2020-9390 CONFIRM
trendmicro — apex_one	An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	2021-02-04	2.1	CVE-2021-25248 N/A N/A N/A N/A
zivautomation — 4cct-ea6-334126bf_firmware	Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.	2021-01-29	3.3	CVE-2021-25910 CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
huawei — multiple_products	There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.	2021-02-06	not yet calculated	CVE-2021-22300 CONFIRM
allen-bradley — flex_io_1794-aent/b	An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.	2021-02-04	not yet calculated	CVE-2020-6088 MISC
angular — angular	angular-expressions is “angular’s nicest part extracted as a standalone module for the browser and node”. In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call “expressions.compile(userControlledInput)” where “userControlledInput” is text that comes from user input. The security of the package could be bypassed by using a more complex payload, using a “.constructor.constructor” technique. In terms of impact: If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. This is fixed in version 1.1.2 of angular-expressions A temporary workaround might be either to disable user-controlled input that will be fed into angular-expressions in your application or allow only following characters in the userControlledInput.	2021-02-01	not yet calculated	CVE-2021-21277 MISC MISC CONFIRM MISC
asuswrt — asus_rt-ax3000_firmware	Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.	2021-02-05	not yet calculated	CVE-2021-3229 MISC MISC MISC
bitcoin — core	Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states “I believe that this vulnerability cannot actually be exploited.”	2021-02-04	not yet calculated	CVE-2021-3401 MISC MISC
blaze — blaze	Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. http4s provides a general “MaxActiveRequests” middleware mechanism for limiting open connections, but it is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. In 0.21.17, 0.22.0-M2, and 1.0.0-M14, a new “maxConnections” property, with a default value of 1024, has been added to the `BlazeServerBuilder`. Setting the value to a negative number restores unbounded behavior, but is strongly disrecommended. The NIO2 backend does not respect `maxConnections`. Its use is now deprecated in http4s-0.21, and the option is removed altogether starting in http4s-0.22. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xhv5-w9c5-2r2w.	2021-02-02	not yet calculated	CVE-2021-21294 MISC MISC CONFIRM
blaze — blaze	blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. The vast majority of affected users are using it as part of http4s-blaze-server <= 0.21.16. http4s provides a mechanism for limiting open connections, but is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. The issue is fixed in version 0.14.15 for “NIO1SocketServerGroup”. A “maxConnections” parameter is added, with a default value of 512. Concurrent connections beyond this limit are rejected. To run unbounded, which is not recommended, set a negative number. The “NIO2SocketServerGroup” has no such setting and is now deprecated. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xmw9-q7x9-j5qc.	2021-02-02	not yet calculated	CVE-2021-21293 MISC CONFIRM MISC
cisco — 8000_series_routers	A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device. The vulnerability is due to insufficient validation of command line arguments. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the prompt. A successful exploit could allow an attacker with low-level privileges to escalate their privilege level to root.	2021-02-04	not yet calculated	CVE-2021-1370 CISCO
cisco — ios_xr_software	A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests.	2021-02-04	not yet calculated	CVE-2021-1243 CISCO
cisco — ios_xr_software	A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition.	2021-02-04	not yet calculated	CVE-2021-1268 CISCO
cisco — ios_xr_software	Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.	2021-02-04	not yet calculated	CVE-2021-1288 CISCO
cisco — ios_xr_software	Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.	2021-02-04	not yet calculated	CVE-2021-1313 CISCO
cisco — ios_xr_software	A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL.	2021-02-04	not yet calculated	CVE-2021-1389 CISCO
cisco — ios_xr_software	A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user.	2021-02-04	not yet calculated	CVE-2021-1128 CISCO
cisco — managed_services_accelerator	A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could exploit this vulnerability by sending a flood of crafted API requests to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.	2021-02-04	not yet calculated	CVE-2021-1266 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.	2021-02-04	not yet calculated	CVE-2021-1297 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.	2021-02-04	not yet calculated	CVE-2021-1295 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.	2021-02-04	not yet calculated	CVE-2021-1291 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.	2021-02-04	not yet calculated	CVE-2021-1290 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.	2021-02-04	not yet calculated	CVE-2021-1315 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.	2021-02-04	not yet calculated	CVE-2021-1314 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.	2021-02-04	not yet calculated	CVE-2021-1316 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.	2021-02-04	not yet calculated	CVE-2021-1296 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.	2021-02-04	not yet calculated	CVE-2021-1294 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.	2021-02-04	not yet calculated	CVE-2021-1292 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.	2021-02-04	not yet calculated	CVE-2021-1289 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.	2021-02-04	not yet calculated	CVE-2021-1317 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.	2021-02-04	not yet calculated	CVE-2021-1318 CISCO
cisco — multiple_small_business_routers	Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.	2021-02-04	not yet calculated	CVE-2021-1293 CISCO
cisco — network_convergence_system_540_series_routers	Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.	2021-02-04	not yet calculated	CVE-2021-1244 CISCO
cisco — network_convergence_system_540_series_routers	Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.	2021-02-04	not yet calculated	CVE-2021-1136 CISCO
cisco — unified_computing_system	A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.	2021-02-04	not yet calculated	CVE-2021-1354 CISCO
cisco — webex_meetings_and_webex_meetings_server_software	A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link.	2021-02-04	not yet calculated	CVE-2021-1221 CISCO
clustered_data — ontap	Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).	2021-02-03	not yet calculated	CVE-2020-8588 CONFIRM
clustered_data — ontap	Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.	2021-02-03	not yet calculated	CVE-2020-8589 CONFIRM
com.squareup:connet — com.squareup:connet	This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r–r– on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version.	2021-02-03	not yet calculated	CVE-2021-23331 CONFIRM CONFIRM
docker — docker	In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the –userns-remap option in which access to remapped root allows privilege escalation to real root. When using “–userns-remap”, if the root user in the remapped namespace has access to the host filesystem they can modify files under “/var/lib/docker/<remapping>” that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.	2021-02-02	not yet calculated	CVE-2021-21284 MISC MISC MISC MISC CONFIRM
docker — docker	In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.	2021-02-02	not yet calculated	CVE-2021-21285 MISC MISC MISC MISC CONFIRM
eclipse — californium	In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS.	2021-02-03	not yet calculated	CVE-2020-27222 CONFIRM
electric_coin_company — zcashd	Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced.	2021-02-05	not yet calculated	CVE-2020-8806 MISC
electric_coin_company — zcashd	In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim’s address and an IP address, aka a timing side channel.	2021-02-05	not yet calculated	CVE-2020-8807 MISC
elliptic — elliptic	The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.	2021-02-02	not yet calculated	CVE-2020-28498 MISC CONFIRM CONFIRM MISC
epikur — epikur	An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password’s MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a “Backdoor Password” of 3p1kursupport). If the submitted password matches either one, access is granted.	2021-02-05	not yet calculated	CVE-2020-10539 MISC
epikur — epikur	An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account.	2021-02-05	not yet calculated	CVE-2020-10537 MISC
epikur — epikur	An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.	2021-02-05	not yet calculated	CVE-2020-10538 MISC
epson — iprojection	In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. DeviceEMPNSAUIO and DosDevicesEMPNSAU are similarly affected.	2021-02-05	not yet calculated	CVE-2020-9014 MISC MISC MISC
epson — iprojection	In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects DeviceEMPMPAUIO and DosDevicesEMPMPAU.	2021-02-05	not yet calculated	CVE-2020-9453 MISC MISC MISC
freediskspace — freediskspace	This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js.	2021-02-02	not yet calculated	CVE-2020-7775 MISC
gitea — gitea	Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.	2021-02-05	not yet calculated	CVE-2021-3382 MISC
gnome — evolution	DISPUTED GNOME Evolution through 3.38.3 produces a “Valid signature” message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior.	2021-02-01	not yet calculated	CVE-2021-3349 MISC MISC MISC
gnome — multiple_products	autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file’s parent is a symlink to a directory outside of the intended extraction location.	2021-02-05	not yet calculated	CVE-2020-36241 MISC MISC
harbor — harbor	In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.	2021-02-02	not yet calculated	CVE-2020-29662 MISC
hcl — digital_experience	HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.	2021-02-02	not yet calculated	CVE-2020-14255 CONFIRM
hcl — digital_experience	HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.	2021-02-02	not yet calculated	CVE-2020-14221 CONFIRM
hcl — digital_experience	In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).	2021-02-02	not yet calculated	CVE-2020-4081 CONFIRM
hcl — onetest_ui	HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.	2021-02-04	not yet calculated	CVE-2020-14245 MISC
helm — helm	Helm is open-source software which is essentially “The Kubernetes Package Manager”. Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used “as is” without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.	2021-02-05	not yet calculated	CVE-2021-21303 MISC MISC CONFIRM
huawei — gauess100	There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.	2021-02-06	not yet calculated	CVE-2021-22298 CONFIRM
huawei — manageone	There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.	2021-02-06	not yet calculated	CVE-2020-9205 CONFIRM
huawei — mate_30	There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module.	2021-02-06	not yet calculated	CVE-2021-22307 CONFIRM
huawei — mate_30	Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow.	2021-02-06	not yet calculated	CVE-2021-22301 CONFIRM
huawei — mate_30	There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service.	2021-02-06	not yet calculated	CVE-2021-22306 CONFIRM
huawei — mate_30	There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service.	2021-02-06	not yet calculated	CVE-2021-22305 CONFIRM
huawei — multiple_products	There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.	2021-02-06	not yet calculated	CVE-2021-22292 CONFIRM
huawei — multiple_products	Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).	2021-02-06	not yet calculated	CVE-2021-22293 CONFIRM
huawei — multiple_products	There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.	2021-02-06	not yet calculated	CVE-2021-22299 CONFIRM
huawei — sound_x_product	There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package’s integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).	2021-02-06	not yet calculated	CVE-2020-9118 CONFIRM
huawei — taurus-al00a_smartphones	There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.	2021-02-06	not yet calculated	CVE-2021-22304 CONFIRM
huawei — taurus-al00a_smartphones	There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service.	2021-02-06	not yet calculated	CVE-2021-22302 MISC
huawei — taurus-al00a_smartphones	There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service.	2021-02-06	not yet calculated	CVE-2021-22303 CONFIRM
ibm — powerha	IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.	2021-02-05	not yet calculated	CVE-2020-4832 XF CONFIRM
imagemagik — magikcore/gem	A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56.	2021-02-06	not yet calculated	CVE-2021-20176 MISC
intel — bluez	Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.	2021-02-02	not yet calculated	CVE-2020-24490 CONFIRM
intel — celeron_processor_4000_series	Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.	2021-02-02	not yet calculated	CVE-2020-8672 CONFIRM
iobit — advanced_systemcare	The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. DosDevicesAscRegistryFilter and DeviceAscRegistryFilter are affected.	2021-02-05	not yet calculated	CVE-2020-10234 MISC MISC MISC
jenzabar — jenzabar	Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.	2021-02-06	not yet calculated	CVE-2021-26723 MISC MISC
jetbrains — code_with_me	In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic.	2021-02-03	not yet calculated	CVE-2021-25755 MISC MISC
jetbrains — hub	In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.	2021-02-03	not yet calculated	CVE-2021-25759 MISC MISC
jetbrains — ktor	In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.	2021-02-03	not yet calculated	CVE-2021-25761 MISC MISC
jetbrains — ktor	In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.	2021-02-03	not yet calculated	CVE-2021-25762 MISC MISC
jetbrains — youtrack	In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.	2021-02-03	not yet calculated	CVE-2021-25766 MISC MISC
lg — multiple_mobile_devices	An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).	2021-02-04	not yet calculated	CVE-2021-26687 MISC
lg — wing_mobile_devices	An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021).	2021-02-04	not yet calculated	CVE-2021-26688 MISC
linkedin — oncall	LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the “No results found for” message in the search bar.	2021-02-05	not yet calculated	CVE-2021-26722 MISC
linux — linux_kernel	A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.	2021-02-05	not yet calculated	CVE-2021-26708 MLIST MISC MISC MISC
loklak — loklak	loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal to commit 5f48476, a path traversal vulnerability exists. Insufficient input validation in the APIs exposed by the loklak server allowed a directory traversal vulnerability. Any admin configuration and files readable by the app available on the hosted file system can be retrieved by the attacker. Furthermore, user-controlled content could be written to any admin config and files readable by the application. This has been patched in commit 50dd692. Users will need to upgrade their hosted instances of loklak to not be vulnerable to this exploit.	2021-02-02	not yet calculated	CVE-2020-15097 MISC CONFIRM
max_secure — max_spyware_detector	In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)	2021-02-05	not yet calculated	CVE-2020-12122 MISC MISC MISC
mechanize — mechanize	Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes’ methods which implicitly use Ruby’s Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7.	2021-02-02	not yet calculated	CVE-2021-21289 MISC MISC CONFIRM MISC
micro_focus — application_performance_management	Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack.	2021-02-06	not yet calculated	CVE-2021-22499 CONFIRM
micro_focus — application_performance_management	Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker’s choosing.	2021-02-06	not yet calculated	CVE-2021-22500 CONFIRM
nessus — ami	Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.	2021-02-06	not yet calculated	CVE-2020-5812 MISC
netgear — r7450_routers	This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.	2021-02-04	not yet calculated	CVE-2020-27873 N/A N/A
netgear — r7450_routers	This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.	2021-02-04	not yet calculated	CVE-2020-27872 N/A N/A
new_media — smarty	An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.	2021-02-05	not yet calculated	CVE-2020-10375 MISC MISC
npm — npm	This affects all versions of package decal. The vulnerability is in the extend function.	2021-02-04	not yet calculated	CVE-2020-28450 MISC MISC MISC
npm — npm	This affects all versions of package decal. The vulnerability is in the set function.	2021-02-04	not yet calculated	CVE-2020-28449 MISC MISC MISC
nvidia — geforce_experience	NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.	2021-02-05	not yet calculated	CVE-2021-1072 CONFIRM
oauth2_proxy — oauth2_proxy	OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured for “.example.com”, the intention is that subdomains of example.com are allowed. Instead, “example.com” and “badexample.com” could also match. This is fixed in version 7.0.0 onwards. As a workaround, one can disable the whitelist domain feature and run separate OAuth2 Proxy instances for each subdomain.	2021-02-02	not yet calculated	CVE-2021-21291 MISC MISC CONFIRM MISC
october — october	An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.	2021-02-05	not yet calculated	CVE-2021-3311 CONFIRM MISC
opmantek — open-audit	Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.	2021-02-05	not yet calculated	CVE-2021-3333 MISC
oppo — android_phone_with_mtk_chipset	OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.	2021-02-06	not yet calculated	CVE-2020-11836 MISC
pdf2json — pdf2json	Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file.	2021-02-05	not yet calculated	CVE-2020-18750 CONFIRM MISC
podman — podman	Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.	2021-02-02	not yet calculated	CVE-2021-20199 MISC MISC MISC MISC
polr — polr	Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users’ settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php.	2021-02-01	not yet calculated	CVE-2021-21276 MISC MISC CONFIRM
pretashop — opart_devis	An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user’s invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.	2021-02-04	not yet calculated	CVE-2020-16194 MISC
psyprax — psyprax	An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.	2021-02-05	not yet calculated	CVE-2020-10552 MISC
psyprax — psyprax	An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%Psyprax32PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.	2021-02-05	not yet calculated	CVE-2020-10553 MISC
psyprax — psyprax	An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.	2021-02-05	not yet calculated	CVE-2020-10554 MISC
question2answer — q2a	Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.	2021-02-05	not yet calculated	CVE-2021-3258 MISC MISC MISC
realtek — rtl8195a_wi-fi_module	The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network’s PSK.	2021-02-03	not yet calculated	CVE-2020-25857 CONFIRM
realtek — rtl8195a_wi-fi_module	The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this.	2021-02-03	not yet calculated	CVE-2020-25855 CONFIRM
realtek — rtl8195a_wi-fi_module	The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network’s PSK.	2021-02-03	not yet calculated	CVE-2020-25853 CONFIRM
realtek — rtl8195a_wi-fi_module	The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this.	2021-02-03	not yet calculated	CVE-2020-25856 CONFIRM
realtek — rtl8195a_wi-fi_module	The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this.	2021-02-03	not yet calculated	CVE-2020-25854 CONFIRM
red_hat — red_hat	A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.	2021-02-06	not yet calculated	CVE-2020-14312 MISC
redwood — report2web	A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.	2021-02-05	not yet calculated	CVE-2021-26710 MISC
redwood — report2web	A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.	2021-02-05	not yet calculated	CVE-2021-26711 MISC
softmaker — office_planmaker	An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.	2021-02-04	not yet calculated	CVE-2020-13579 MISC
softmaker — office_planmaker	A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.	2021-02-04	not yet calculated	CVE-2020-13586 MISC
softmaker — office_planmaker	A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).	2021-02-04	not yet calculated	CVE-2020-27249 MISC
softmaker — office_planmaker	A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).	2021-02-04	not yet calculated	CVE-2020-27248 MISC
softmaker — office_planmaker	A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).	2021-02-04	not yet calculated	CVE-2020-27247 MISC
softmaker — office_planmaker	An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.	2021-02-04	not yet calculated	CVE-2020-13580 MISC
solarwinds — orion_platform	SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.	2021-02-03	not yet calculated	CVE-2021-25275 MISC
solarwinds — orion_platform	The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn’t set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.	2021-02-03	not yet calculated	CVE-2021-25274 MISC
solarwinds — serv-u	In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users’ password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server’s filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C: home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges.	2021-02-03	not yet calculated	CVE-2021-25276 MISC
sonicwall — sslvpn_sma100	A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.	2021-02-04	not yet calculated	CVE-2021-20016 CONFIRM
squaredup — squaredup	CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.	2021-02-03	not yet calculated	CVE-2020-9388 CONFIRM
tibco — ebx_web_server	The TIBCO EBX Web Server component of TIBCO Software Inc.’s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO EBX: versions 5.9.12 and below.	2021-02-02	not yet calculated	CVE-2021-23271 CONFIRM CONFIRM
traccar — traccar	Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12.	2021-02-02	not yet calculated	CVE-2021-21292 MISC CONFIRM MISC
trend_micro — antivirus_for_mac_2021	Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability – i.e. the attacker must already have access to the target system (either legitimately or via another exploit).	2021-02-04	not yet calculated	CVE-2021-25227 N/A N/A
trend_micro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.	2021-02-04	not yet calculated	CVE-2021-25229 N/A N/A N/A
trend_micro — apex_one	An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.	2021-02-04	not yet calculated	CVE-2021-25228 N/A N/A N/A N/A
trend_micro — worry-free_business_security	An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.	2021-02-04	not yet calculated	CVE-2021-25245 N/A N/A
trend_micro — worry-free_business_security	An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.	2021-02-04	not yet calculated	CVE-2021-25244 N/A N/A
typora — typora	An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.	2021-02-05	not yet calculated	CVE-2020-18737 MISC
video_insight — vms	Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.	2021-02-05	not yet calculated	CVE-2021-20623 MISC MISC
whatsapp — whatsapp	A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.	2021-02-02	not yet calculated	CVE-2020-1910 CONFIRM
wordpress — wordpress	Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.	2021-02-05	not yet calculated	CVE-2021-20652 MISC MISC
zoho — manageengine_applications_manager	doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.	2021-02-05	not yet calculated	CVE-2020-35765 MISC CONFIRM
zohocorp — manageengine_remote_access_plus	Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin – User Administration userMgmt.do?actionToCall=ShowUser screen.	2021-02-03	not yet calculated	CVE-2019-16268 MISC CONFIRM
zulipchat — zulip_desktop	Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.	2021-02-05	not yet calculated	CVE-2020-10858 CONFIRM
zulipchat — zulip_desktop	Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.	2021-02-05	not yet calculated	CVE-2020-10857 CONFIRM
zzzcms — zzzcms	SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.	2021-02-05	not yet calculated	CVE-2020-18717 MISC

This product is provided subject to this Notification and this Privacy & Use policy.

Securing Your Data

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

Leave a Reply Cancel Reply

RebootTwice LLC

Helping Your Business Securely Build Success