Original release date: February 22, 2021
High Vulnerabilities
Primary Vendor — Product
Description
Published
CVSS Score
Source & Patch Info
accellion — fta
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
2021-02-16
7.2
CVE-2021-27102
MISC
MISC
accellion — fta
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.
2021-02-16
10
CVE-2021-27104
MISC
MISC
accellion — fta
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.
2021-02-16
7.5
CVE-2021-27103
MISC
MISC
accellion — fta
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
2021-02-16
7.5
CVE-2021-27101
MISC
MISC
advantech — webaccess/scada
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
2021-02-17
7.2
CVE-2020-13555
MISC
advantech — webaccess/scada
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
2021-02-17
7.2
CVE-2020-13553
MISC
advantech — webaccess/scada
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
2021-02-17
7.2
CVE-2020-13552
MISC
advantech — webaccess/scada
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
2021-02-17
7.2
CVE-2020-13551
MISC
citsmart — citsmart
CITSmart before 9.1.2.23 allows LDAP Injection.
2021-02-15
7.5
CVE-2020-35775
MISC
CONFIRM
MISC
MISC
dlink — dap-1860_firmware
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the Authorization request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10880.
2021-02-12
8.3
CVE-2020-27864
MISC
MISC
dlink — dap-1860_firmware
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894.
2021-02-12
8.3
CVE-2020-27865
MISC
MISC
elecom — wrc-300febk-s_firmware
ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
2021-02-12
7.7
CVE-2021-20648
MISC
MISC
iptime — c200_firmware
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.
2021-02-17
7.7
CVE-2020-7848
MISC
limesurvey — limesurvey
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
2021-02-14
7.5
CVE-2019-25019
MISC
MISC
logitec — lan-w300n/pgrb_firmware
Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.
2021-02-12
7.7
CVE-2021-20640
MISC
MISC
logitec — lan-w300n/pgrb_firmware
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.
2021-02-12
7.7
CVE-2021-20639
MISC
MISC
logitec — lan-w300n/pgrb_firmware
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.
2021-02-12
7.7
CVE-2021-20638
MISC
MISC
microfocus — operations_bridge_manager
Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server.
2021-02-12
10
CVE-2021-22504
MISC
nagios — nagios_xi
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
2021-02-15
9
CVE-2021-25298
MISC
MISC
MISC
nagios — nagios_xi
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
2021-02-15
9
CVE-2021-25297
MISC
MISC
MISC
nagios — nagios_xi
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
2021-02-15
9
CVE-2021-25296
MISC
MISC
MISC
netgear — ac2100_firmware
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 firmware version 1.2.0.62_1.0.1 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.
2021-02-12
7.7
CVE-2020-27867
MISC
MISC
netgear — ac2100_firmware
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 firmware version 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.
2021-02-12
8.3
CVE-2020-27866
MISC
MISC
netgear — cbk40_firmware
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.
2021-02-12
8.3
CVE-2020-27861
MISC
MISC
pelco — digital_sentry_server
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn’t check if it’s being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with “OBJECT classid=” and “<SCRIPT language=’vbscript’>”) to overwrite arbitrary files.
2021-02-12
8.8
CVE-2021-27197
MISC
MISC
pystemon_project — pystemon
config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.
2021-02-14
7.5
CVE-2021-27213
MISC
MISC
qognify — ocularis
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-11257.
2021-02-12
10
CVE-2020-27868
MISC
MISC
racom — m!dge_cellular_router_firmware
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.
2021-02-16
7.2
CVE-2021-20075
MISC
sdg — pnpscada
PNPSCADA 2.200816204020 allows SQL injection via parameter ‘interf’ in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
2021-02-16
7.5
CVE-2020-24841
MISC
MISC
solarwinds — network_performance_monitor
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804.
2021-02-12
9
CVE-2020-27869
MISC
zscaler — client_connector
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.
2021-02-16
7.2
CVE-2020-11635
MISC
Medium Vulnerabilities
Primary Vendor — Product
Description
Published
CVSS Score
Source & Patch Info
advantech — webaccess/scada
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.
2021-02-17
4
CVE-2020-13550
MISC
apache — thrift
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
2021-02-12
5
CVE-2020-13949
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
atlassian — data_center
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0.
2021-02-15
5
CVE-2020-36237
MISC
atlassian — data_center
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1.
2021-02-15
4
CVE-2020-29451
MISC
atlassian — jira
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1.
2021-02-15
5
CVE-2020-36235
MISC
atlassian — jira
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
2021-02-15
4.3
CVE-2020-36236
MISC
changjia_property_management_system_project — changjia_property_management_system
The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.
2021-02-17
5
CVE-2021-22856
CONFIRM
MISC
changjia_property_management_system_project — changjia_property_management_system
The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily.
2021-02-17
5
CVE-2021-22857
CONFIRM
MISC
deepnetsecurity — dualshield
DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an “unknown username” error message.
2021-02-16
5
CVE-2020-28918
MISC
MISC
dlink — dva-2800_firmware
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. When parsing the path parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-10911.
2021-02-12
5.8
CVE-2020-27862
MISC
MISC
elecom — file_manager
Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.
2021-02-12
6.4
CVE-2021-20651
MISC
MISC
elecom — ld-ps/u1_firmware
Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.
2021-02-12
5
CVE-2021-20643
MISC
MISC
elecom — ncc-ewf100rmwh2_firmware
Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vectors. As a result, the device settings may be altered and/or the telnet daemon may be started.
2021-02-12
4.3
CVE-2021-20650
MISC
MISC
elecom — wrc-1467ghbk-a_firmware
ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user’s web browser by displaying a specially crafted SSID on the web setup page.
2021-02-12
4.3
CVE-2021-20644
MISC
MISC
elecom — wrc-300febk-a_firmware
Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.
2021-02-12
4.3
CVE-2021-20645
MISC
MISC
elecom — wrc-300febk-a_firmware
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vectors. As a result, the device settings may be altered and/or the telnet daemon may be started.
2021-02-12
4.3
CVE-2021-20646
MISC
MISC
elecom — wrc-300febk-s_firmware
ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.
2021-02-12
5.8
CVE-2021-20649
MISC
MISC
elecom — wrc-300febk-s_firmware
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vectors. As a result, the device settings may be altered and/or the telnet daemon may be started.
2021-02-12
4.3
CVE-2021-20647
MISC
MISC
f5 — access_policy_manager_clients
In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
6.9
CVE-2021-22980
MISC
f5 — big-ip_access_policy_manager
On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
4.3
CVE-2021-22979
MISC
f5 — big-ip_access_policy_manager
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
4.3
CVE-2021-22975
MISC
f5 — big-ip_access_policy_manager
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
6
CVE-2021-22974
MISC
f5 — big-ip_access_policy_manager
On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
5.8
CVE-2021-22981
MISC
f5 — big-ip_access_policy_manager
On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
5
CVE-2021-22977
MISC
f5 — big-ip_access_policy_manager
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
5
CVE-2021-22973
MISC
f5 — big-ip_advanced_web_application_firewall
On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
5
CVE-2021-22976
MISC
f5 — big-ip_advanced_web_application_firewall
On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving an unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
5.8
CVE-2021-22984
MISC
f5 — big-ip_domain_name_system
On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
6.5
CVE-2021-22982
MISC
foxitsoftware — foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11727.
2021-02-12
6.8
CVE-2020-27860
MISC
MISC
horde — groupware
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.
2021-02-14
4.3
CVE-2021-26929
MISC
MLIST
CONFIRM
MISC
MISC
ibm — spectrum_protect_operations_center
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.
2021-02-15
5.2
CVE-2020-4955
XF
CONFIRM
ibm — spectrum_protect_operations_center
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation. By using the configuration panel to obtain a valid session using an attacker-controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.
2021-02-15
4.8
CVE-2020-4954
XF
CONFIRM
logitec — lan-w300n/pr5b_firmware
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
2021-02-12
4.3
CVE-2021-20636
MISC
MISC
logitec — lan-w300n/pr5b_firmware
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.
2021-02-12
4.3
CVE-2021-20637
MISC
MISC
logitec — lan-w300n/rs_firmware
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
2021-02-12
4.3
CVE-2021-20641
MISC
MISC
logitec — lan-w300n/rs_firmware
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.
2021-02-12
4.3
CVE-2021-20642
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.
2021-02-16
4
CVE-2020-35568
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php.
2021-02-16
5.8
CVE-2020-35560
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The brute-force detection of the login pages is disabled by default.
2021-02-16
5
CVE-2020-35565
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.
2021-02-16
5
CVE-2020-35564
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.
2021-02-16
4
CVE-2020-35559
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
2021-02-16
5
CVE-2020-35558
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.
2021-02-16
5
CVE-2020-35570
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.
2021-02-16
4.3
CVE-2020-35569
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.
2021-02-16
5
CVE-2020-35561
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.
2021-02-16
4.6
CVE-2020-35567
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.2. Improper use of access validation allows a logged-in user to see devices in the account he should not have access to.
2021-02-16
4
CVE-2020-35557
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An attacker can read arbitrary JSON files via Local File Inclusion.
2021-02-16
5
CVE-2020-35566
MISC
MISC
nagios — nagios_xi
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.
2021-02-15
4.3
CVE-2021-25299
MISC
MISC
MISC
online_book_store_project — online_book_store
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
2021-02-17
5
CVE-2020-36003
MISC
MISC
MISC
open-emr — openemr
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.
2021-02-15
6.5
CVE-2020-29142
MISC
MISC
MISC
MISC
MISC
openzfs — openzfs
An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.
2021-02-12
5
CVE-2013-20001
MISC
MISC
php — php
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
2021-02-15
5
CVE-2021-21702
CONFIRM
DEBIAN
php — php
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating a URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept a URL with an invalid password as a valid URL. This may lead functions that rely on the URL being valid to mis-parse the URL and produce wrong data as components of the URL.
2021-02-15
5
CVE-2020-7071
CONFIRM
DEBIAN
seat-reservation-system_project — seat-reservation-system
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id and file parameters where attackers can obtain sensitive database information.
2021-02-17
5
CVE-2020-36002
MISC
MISC
MISC
secomea — sitemanager_embedded
A vulnerability in the SiteManager-Embedded (SM-E) Web server may allow an attacker to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application. This issue affects all versions and variants of SM-E prior to version 9.3.
2021-02-16
4.3
CVE-2020-29025
MISC
tp-link — archer_c5v_firmware
TP-Link Archer C5v 1.7_181221 devices allow remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.
2021-02-13
4
CVE-2021-27210
MISC
xn--b1agzlht — fx_aggregator_terminal_client
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim’s account.
2021-02-12
5
CVE-2021-27188
MISC
MISC
xn--b1agzlht — fx_aggregator_terminal_client
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked.
2021-02-12
5
CVE-2021-27187
MISC
MISC
Low Vulnerabilities
Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info
atlassian — data_center
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
2021-02-15
3.5
CVE-2020-36234
N/A
blackcat-cms — blackcat_cms
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
2021-02-16
3.5
CVE-2021-27237
MISC
MISC
MISC
dlink — dva-2800_firmware
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10912.
2021-02-12
3.3
CVE-2020-27863
MISC
MISC
f5 — big-ip_access_policy_manager
On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
2.6
CVE-2021-22978
MISC
f5 — big-ip_advanced_firewall_manager
On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
2021-02-12
3.5
CVE-2021-22983
MISC
ibm — maximo_for_civil_infrastructure
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622.
2021-02-18
3.5
CVE-2021-20446
XF
CONFIRM
ibm — spectrum_protect_operations_center
IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.
2021-02-15
2.3
CVE-2020-4956
XF
CONFIRM
logitec — lan-wh450n/gr_firmware
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover the PIN and access the network.
2021-02-12
3.3
CVE-2021-20635
MISC
MISC
mbconnectline — mbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.
2021-02-16
3.5
CVE-2020-35563
MISC
MISC
nfstream — nfstream
An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).
2021-02-16
2.1
CVE-2020-25340
MISC
peel — peel_shopping
A stored cross-site scripting (XSS) vulnerability was discovered in PEEL SHOPPING 9.3.0, which is publicly available. User-supplied input containing a polyglot payload is echoed back in JavaScript code in the HTML response. This allows an attacker to input malicious JavaScript which can steal cookies, redirect users to other malicious websites, etc.
2021-02-12
3.5
CVE-2021-27190
MISC
MISC
MISC
racom — m!dge_cellular_router_firmware
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the sms.php dialogs.
2021-02-16
3.5
CVE-2021-20071
MISC
racom — m!dge_cellular_router_firmware
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the virtualization.php dialogs.
2021-02-16
3.5
CVE-2021-20070
MISC
racom — m!dge_cellular_router_firmware
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs.
2021-02-16
3.5
CVE-2021-20069
MISC
racom — m!dge_cellular_router_firmware
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages.
2021-02-16
3.5
CVE-2021-20068
MISC
secomea — sitemanager_1129_firmware
Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3.
2021-02-16
3.5
CVE-2020-29027
MISC
tp-link — archer_c5v_firmware
In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.
2021-02-13
3.6
CVE-2021-27209
MISC
Severity Not Yet Assigned
Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info
74cms — 74cms
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.
2021-02-17
not yet calculated
CVE-2020-35339
MISC
MISC
activepresenter — activepresenter
ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution.
2021-02-15
not yet calculated
CVE-2021-3375
MISC
agora — video_sdk
Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic.
2021-02-17
not yet calculated
CVE-2020-25605
MISC
MISC
alfresco_enterprise — content_management
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.
2021-02-19
not yet calculated
CVE-2020-12873
MISC
MISC
amaze — file_manager
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.
2021-02-19
not yet calculated
CVE-2020-36246
MISC
MISC
apache — airflow
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is a low-severity issue, as the attacker needs to be aware of certain parameters to pass to that endpoint and even then can only get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.
2021-02-17
not yet calculated
CVE-2021-26697
MLIST
MLIST
MISC
MLIST
MLIST
apache — airflow
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.
2021-02-17
not yet calculated
CVE-2021-26559
MLIST
MISC
MLIST
apache — myfaces
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.
2021-02-19
not yet calculated
CVE-2021-26296
FULLDISC
MISC
askey — multiple_devices
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.
2021-02-19
not yet calculated
CVE-2021-27403
MISC
askey — multiple_devices
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.
2021-02-19
not yet calculated
CVE-2021-27404
MISC
async-git — async-git
The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset(‘atouch HACKEDb’)
2021-02-18
not yet calculated
CVE-2020-28490
MISC
MISC
MISC
atlassian — bitbucket_server_and_data_center
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
2021-02-18
not yet calculated
CVE-2020-36233
MISC
CERT-VN
baby_care_system — baby_care_system
Baby Care System v1.0 is vulnerable to SQL injection via the ‘id’ parameter on the contentsectionpage.php page.
2021-02-17
not yet calculated
CVE-2021-25779
MISC
baby_care_system — baby_care_system
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by a remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.
2021-02-17
not yet calculated
CVE-2021-25780
MISC
batflat — batflat
** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must log in to the administration panel and edit an arbitrary user’s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2021-02-15
not yet calculated
CVE-2020-35734
MISC
MISC
MISC
MISC
bind — multiple_products
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND’s default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch.
2021-02-17
not yet calculated
CVE-2020-8625
MLIST
MLIST
CONFIRM
MLIST
DEBIAN
bloodhound — bloodhound
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.
2021-02-19
not yet calculated
CVE-2021-3210
MISC
MISC
MISC
bolt — bolt
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.
2021-02-17
not yet calculated
CVE-2021-27367
MISC
MISC
canary_mail — canary_mail
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
2021-02-17
not yet calculated
CVE-2021-26911
MLIST
MISC
MISC
MISC
CONFIRM
MISC
casap — automated_enrollment_system
The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.
2021-02-15
not yet calculated
CVE-2021-26201
MISC
centreon — 19.10-e17
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.
2021-02-15
not yet calculated
CVE-2020-22425
MISC
MISC
chamilo — chamilo
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
2021-02-19
not yet calculated
CVE-2021-26746
CONFIRM
MISC
MISC
checkmk — checkmk
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
2021-02-19
not yet calculated
CVE-2020-24908
MISC
cisco — anyconnect_secure_mobility_client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
2021-02-17
not yet calculated
CVE-2021-1366
CISCO
cisco — csdj
Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors.
2021-02-17
not yet calculated
CVE-2021-20653
MISC
MISC
cisco — identity_services_engine
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.
2021-02-17
not yet calculated
CVE-2021-1416
CISCO
cisco — identity_services_engine
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.
2021-02-17
not yet calculated
CVE-2021-1412
CISCO
cisco — staros
A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device.
2021-02-17
not yet calculated
CVE-2021-1378
CISCO
cisco — webex_meetings
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
2021-02-17
not yet calculated
CVE-2021-1351
CISCO
cisco — webex_meetings_desktop_app_and_webex_productivity_tools
A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.
2021-02-17
not yet calculated
CVE-2021-1372
CISCO
com.typesafe.akka:akka-http-core — com.typesafe.akka:akka-http-core
This affects all versions of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
2021-02-17
not yet calculated
CVE-2021-23339
MISC
MISC
d-bus — d-bus
A use-after-free flaw was found in D-Bus 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.
2021-02-15
not yet calculated
CVE-2020-35512
MISC
das — u-boot
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.
2021-02-17
not yet calculated
CVE-2021-27138
MISC
MISC
MISC
das — u-boot
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
2021-02-17
not yet calculated
CVE-2021-27097
MISC
MISC
MISC
debian — avahi_package
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
2021-02-17
not yet calculated
CVE-2021-26720
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
dekart — private_disk
In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing.
2021-02-16
not yet calculated
CVE-2021-27203
MISC
MISC
dell — emc_avamar_server
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users’ backup data.
2021-02-15
not yet calculated
CVE-2021-21511
CONFIRM
dell — emc_powerprotect_cyber_recovery
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account.
2021-02-19
not yet calculated
CVE-2021-21512
MISC
digi — connectport_x2e
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
2021-02-18
not yet calculated
CVE-2020-12878
MISC
MISC
MISC
digium — asterisk
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
2021-02-18
not yet calculated
CVE-2021-26906
MISC
FULLDISC
MISC
CONFIRM
CONFIRM
dji — mavic_2_remote_controller
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.
2021-02-18
not yet calculated
CVE-2020-29664
MISC
MISC
MISC
MISC
docsify — docsify
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters.
2021-02-19
not yet calculated
CVE-2021-23342
FULLDISC
MISC
MISC
MISC
doctor_appointment_system — doctor_appointment_system
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.
2021-02-18
not yet calculated
CVE-2021-27124
MISC
MISC
MISC
e-learning_system — e-learning_system
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.
2021-02-15
not yet calculated
CVE-2021-3239
MISC
MISC
MISC
endalia — selection_portal
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).
2021-02-18
not yet calculated
CVE-2020-35577
MISC
MISC
endian — firewall_community
Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.
2021-02-15
not yet calculated
CVE-2021-27201
MISC
MISC
MISC
fedora_project — fedora_33
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
2021-02-15
not yet calculated
CVE-2021-23336
MLIST
MISC
MLIST
FEDORA
FEDORA
MISC
MISC
filezen — filezen
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
2021-02-17
not yet calculated
CVE-2021-20655
MISC
MISC
finalwire — aida64_engineer
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.
2021-02-19
not yet calculated
CVE-2020-19513
EXPLOIT-DB
friendica — friendica
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.
2021-02-18
not yet calculated
CVE-2021-27329
MISC
fuji — electric_v-server_lite
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
2021-02-19
not yet calculated
CVE-2020-25171
MISC
ge-digital — hmi/scada_ifix
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.
2021-02-18
not yet calculated
CVE-2019-18255
MISC
ge-digital — hmi/scada_ifix
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.
2021-02-18
not yet calculated
CVE-2019-18243
MISC
gerrit — gerrit_servers
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.
2021-02-17
not yet calculated
CVE-2021-22553
CONFIRM
gnome — glib
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
2021-02-15
not yet calculated
CVE-2021-27218
MISC
MISC
gnome — glib
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
2021-02-15
not yet calculated
CVE-2021-27219
MISC
google — android
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.
2021-02-19
not yet calculated
CVE-2021-27351
MISC
gramaddict — gramaddict
GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network.
2021-02-17
not yet calculated
CVE-2020-36245
MISC
hestia — control_panel
Hestia Control Panel through 1.3.3, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer’s domain name, leading to spoofing of services or email messages.
2021-02-16
not yet calculated
CVE-2021-27231
MISC
MISC
hilscher — ethernet/ip_core_v2
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21 that may lead to code injection through network or make devices crash without recovery.
2021-02-16
not yet calculated
CVE-2021-20987
CONFIRM
CONFIRM
hilscher — profinet_io_device_v3
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.
2021-02-16
not yet calculated
CVE-2021-20986
CONFIRM
CONFIRM
ibm — jazz_reporting_service
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751.
2021-02-18
not yet calculated
CVE-2020-4933
XF
CONFIRM
ibm — maximo_for_civil_infrastructure
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storage of authentication credentials. IBM X-Force ID: 196621.
2021-02-18
not yet calculated
CVE-2021-20445
XF
CONFIRM
ibm — maximo_for_civil_infrastructure
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620.
2021-02-18
not yet calculated
CVE-2021-20444
XF
CONFIRM
ibm — maximo_for_civil_infrastructure
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.
2021-02-18
not yet calculated
CVE-2021-20443
XF
CONFIRM
ibm — websphere_application_server
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.
2021-02-18
not yet calculated
CVE-2021-20354
XF
CONFIRM
intel — 10th_generation_core_processors
Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access.
2021-02-17
not yet calculated
CVE-2020-24491
MISC
intel — 700-series_ethernet_controllers
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24495
MISC
intel — 700-series_ethernet_controllers
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 8.0 may allow a privileged user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24493
MISC
intel — 700-series_ethernet_controllers
Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24505
MISC
intel — 722_ethernet_controllers
Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24496
MISC
intel — 722_ethernet_controllers
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24494
MISC
intel — 722_ethernet_controllers
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24492
MISC
intel — 7360_cell_modem
Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem before UDE version 9.4.370 may allow an unauthenticated user to potentially enable denial of service via network access.
2021-02-17
not yet calculated
CVE-2020-24482
MISC
intel — collaboration_suite
Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access.
2021-02-17
not yet calculated
CVE-2020-12339
MISC
intel — e810_ethernet_adaptor_driver
Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24502
MISC
intel — e810_ethernet_adaptor_drivers
Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24504
MISC
intel — e810_ethernet_adaptor_drivers
Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.
2021-02-17
not yet calculated
CVE-2020-24503
MISC
intel — e810_ethernet_controllers
Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24497
MISC
intel — e810_ethernet_controllers
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24498
MISC
intel — e810_ethernet_controllers
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24500
MISC
intel — e810_ethernet_controllers
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
2021-02-17
not yet calculated
CVE-2020-24501
MISC
intel — epid_sdk
Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-24453
MISC
intel — ethernet_i210_controller
Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-0523
MISC
intel — ethernet_i210_controller
Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-0525
MISC
intel — ethernet_i210_controller
Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-0524
MISC
intel — ethernet_i210_controller
Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-0522
MISC
intel — graphics_driver
Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-8678
MISC
intel — graphics_drivers
Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-0544
MISC
intel — graphics_drivers
Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-12386
MISC
intel — graphics_drivers
Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-12370
MISC
intel — graphics_drivers
Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-12367
MISC
intel — graphics_drivers
Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-12365
MISC
intel — graphics_drivers
Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-12366
MISC
intel — graphics_drivers
Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-12373
MISC
intel — graphics_drivers
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-12364
MISC
intel — graphics_drivers
Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-12368
MISC
intel — graphics_drivers
Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-12369
MISC
intel — graphics_drivers
Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-24450
MISC
intel — graphics_drivers
Divide by zero in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-12371
MISC
intel — graphics_drivers
Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-12372
MISC
intel — graphics_drivers
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-12362
MISC
intel — graphics_drivers
Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-12361
MISC
intel — graphics_drivers
Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-12384
MISC
intel — graphics_drivers
Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-12385
MISC
intel — graphics_drivers
Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24448
MISC
intel — graphics_drivers
Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-0521
MISC
intel — graphics_drivers
Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-12363
MISC
intel — graphics_driver
Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-24462
MISC
intel — hd_graphics_control_panel
Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-0518
MISC
intel — multiple_products
Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-12380
MISC
intel — multiple_products
Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable information disclosure via local access.
2021-02-17
not yet calculated
CVE-2020-12376
MISC
intel — multiple_products
Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-12377
MISC
intel — multiple_products
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.
2021-02-19
not yet calculated
CVE-2020-12374
MISC
intel — multiple_products
Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-12375
MISC
intel — optane_dc_persistent_memory
Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-24451
MISC
intel — proset/wireless_wifi_and_killer_drivers
Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service via adjacent access.
2021-02-17
not yet calculated
CVE-2020-24458
MISC
intel — quartus_prime_pro
Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-24481
MISC
intel — realsense_dcm
Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-8765
MISC
intel — sgx_platform_software
Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24452
MISC
intel — soc_driver
Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2021-0109
MISC
intel — ssd_toolbox
Incorrect default permissions in the installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-8701
MISC
intel — trace_analyzer_and_collector
Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-02-17
not yet calculated
CVE-2020-24485
MISC
intel — xtu
Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access.
2021-02-17
not yet calculated
CVE-2020-24480
MISC
irfanview — irfanview
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.
2021-02-17
not yet calculated
CVE-2021-27362
MISC
MISC
irfanview — irfanview
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.
2021-02-17
not yet calculated
CVE-2021-27224
MISC
MISC
MISC
jackson-dataformat-cbor — jackson-dataformat-cbor
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
2021-02-18
not yet calculated
CVE-2020-28491
CONFIRM
CONFIRM
CONFIRM
jinjava — jinjava
Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.
2021-02-19
not yet calculated
CVE-2020-12668
MISC
MISC
MISC
MISC
MISC
jsdom — jsdom
JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.
2021-02-16
not yet calculated
CVE-2021-20066
MISC
kollectapps — kollectapps
KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter.
2021-02-18
not yet calculated
CVE-2021-27335
MISC
less-openui5 — less-openui5
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10.0, when processing theming resources (i.e. `*.less` files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavior in the context of OpenUI5 and SAPUI5 development, especially in the context of UI5 Tooling, which relies on less-openui5. An attacker might create a library or theme-library containing a custom control or theme, hiding malicious JavaScript code in one of the .less files. Refer to the referenced GHSA-3crj-w4f5-gwh4 for examples. Starting with Less.js version 3.0.0, the Inline JavaScript feature is disabled by default. less-openui5, however, currently uses a fork of Less.js v1.6.3. Note that disabling the Inline JavaScript feature in Less.js versions 1.x still evaluates code that has additional double codes around it. We decided to remove the inline JavaScript evaluation feature completely from the code of our Less.js fork. This fix is available in less-openui5 version 0.10.0.
2021-02-16
not yet calculated
CVE-2021-21316
MISC
MISC
MISC
CONFIRM
MISC
library_system — library_system
The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and log in as the admin user.
2021-02-15
not yet calculated
CVE-2021-26200
MISC
linux — linux_kernel
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.
2021-02-17
not yet calculated
CVE-2021-26933
MISC
linux — linux_kernel
An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn’t stated accordingly in its support status entry.
2021-02-17
not yet calculated
CVE-2021-26934
MISC
linux — linux_kernel
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if the sco_sock_getsockopt function in net/bluetooth/sco.c does not have a sanity check for a socket connection when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.
2021-02-19
not yet calculated
CVE-2020-35499
MISC
linux — linux_kernel
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn’t mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.
2021-02-17
not yet calculated
CVE-2021-26930
MISC
linux — linux_kernel
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn’t correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
2021-02-17
not yet calculated
CVE-2021-26931
MISC
linux — linux_kernel
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
2021-02-17
not yet calculated
CVE-2021-26932
MISC
livy — livy
Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users’ sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating.
2021-02-20
not yet calculated
CVE-2021-26544
MLIST
CONFIRM
CONFIRM
lodash — lodash
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.
2021-02-15
not yet calculated
CVE-2021-23337
MISC
MISC
MISC
MISC
MISC
MISC
MISC
lodash — lodash
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen):
```javascript
var lo = require('lodash');
function build_blank(n) {
  var ret = "1";
  for (var i = 0; i < n; i++) {
    ret += " ";
  }
  return ret + "1";
}
var s = build_blank(50000);
var time0 = Date.now();
lo.trim(s);
var time_cost0 = Date.now() - time0;
console.log("time_cost0: " + time_cost0);
var time1 = Date.now();
lo.toNumber(s);
var time_cost1 = Date.now() - time1;
console.log("time_cost1: " + time_cost1);
var time2 = Date.now();
lo.trimEnd(s);
var time_cost2 = Date.now() - time2;
console.log("time_cost2: " + time_cost2);
```
2021-02-15
not yet calculated
CVE-2020-28500
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mailtrain — mailtrain
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.
2021-02-19
not yet calculated
CVE-2020-24617
MISC
MISC
mcafee — web_gateway
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via improper neutralization of user input in the troubleshooting page.
2021-02-17
not yet calculated
CVE-2021-23885
CONFIRM
metasys — reporting_engine_web_services
Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.
2021-02-19
not yet calculated
CVE-2020-9050
CONFIRM
CERT
microweber — microweber
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file.
2021-02-15
not yet calculated
CVE-2020-28337
MISC
MISC
MISC
mitsubishi — electric_fa_engineering_software
Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.
2021-02-19
not yet calculated
CVE-2021-20588
MISC
MISC
mitsubishi — electric_fa_engineering_software
Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP version 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 version 1.597X and prior, GX Works3 version 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions and SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.
2021-02-19
not yet calculated
CVE-2021-20587
MISC
MISC
modernflow — modernflow
ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.
2021-02-19
not yet calculated
CVE-2021-3339
MISC
MISC
mumble — mumble
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
2021-02-16
not yet calculated
CVE-2021-27229
MISC
MISC
MISC
MLIST
mutare — voice
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue.
2021-02-16
not yet calculated
CVE-2021-27233
MISC
mutare — voice
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database.
2021-02-16
not yet calculated
CVE-2021-27235
MISC
mutare — voice
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp.
2021-02-16
not yet calculated
CVE-2021-27234
MISC
mutare — voice
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution.
2021-02-16
not yet calculated
CVE-2021-27236
MISC
nagios — xi_5.7.2
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a normal webapp query.
2021-02-15
not yet calculated
CVE-2020-24899
MISC
nagiosxi — 5.6.11
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a request.
2021-02-15
not yet calculated
CVE-2020-22427
MISC
netis — multiple_devices
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.
2021-02-18
not yet calculated
CVE-2021-26747
MISC
MISC
node.js — node.js
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.
2021-02-19
not yet calculated
CVE-2021-27405
MISC
MISC
MISC
node.js — node.js
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
2021-02-19
not yet calculated
CVE-2021-3189
MISC
MISC
node.js — node.js
The System Information Library for Node.JS (npm package “systeminformation”) is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. The problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() …: allow only strings and reject any arrays. String sanitation works as expected.
2021-02-16
not yet calculated
CVE-2021-21315
MISC
CONFIRM
MISC
ondemand — ondemand
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
2021-02-19
not yet calculated
CVE-2020-36247
MISC
opc_ua.net — opc_ua.net
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates.
2021-02-16
not yet calculated
CVE-2020-29457
MISC
CONFIRM
MISC
opencast — opencast
Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial of access for all users without superuser privileges, effectively hiding the series. Access to series and series metadata on the search service (shown in media module and player) depends on the events published which are part of the series. Publishing an event will automatically publish a series and update access to it. Removing an event or republishing the event should do the same. Affected versions of Opencast may not update the series access or remove a published series if an event is being removed. On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast 9.2.
2021-02-18
not yet calculated
CVE-2021-21318
MISC
CONFIRM
openemr — openemr
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
2021-02-15
not yet calculated
CVE-2020-29140
MISC
MISC
MISC
MISC
MISC
openemr — openemr
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
2021-02-15
not yet calculated
CVE-2020-29143
MISC
MISC
MISC
MISC
openemr — openemr
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter.
2021-02-15
not yet calculated
CVE-2020-29139
MISC
MISC
MISC
MISC
openldap — openldap
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
2021-02-14
not yet calculated
CVE-2021-27212
MISC
MISC
MISC
MLIST
opennms — meridian
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.
2021-02-17
not yet calculated
CVE-2021-3396
MISC
CONFIRM
openrepeater — openrepeater
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
2021-02-19
not yet calculated
CVE-2019-25024
MISC
MISC
openssl — openssl
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
2021-02-16
not yet calculated
CVE-2021-23841
CONFIRM
CONFIRM
CONFIRM
DEBIAN
CONFIRM
openssl — openssl
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
2021-02-16
not yet calculated
CVE-2021-23840
CONFIRM
CONFIRM
CONFIRM
DEBIAN
CONFIRM
openssl — openssl
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such a server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list). OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x).
2021-02-16
not yet calculated
CVE-2021-23839
CONFIRM
CONFIRM
CONFIRM
owncloud — owncloud
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
2021-02-19
not yet calculated
CVE-2020-36250
MISC
owncloud — owncloud
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
2021-02-19
not yet calculated
CVE-2020-36252
MISC
owncloud — owncloud
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else’s access to that share.
2021-02-19
not yet calculated
CVE-2020-36251
MISC
owncloud — owncloud
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
2021-02-19
not yet calculated
CVE-2020-36249
MISC
owncloud — owncloud
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
2021-02-19
not yet calculated
CVE-2020-36248
MISC
owncloud — owncloud
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
2021-02-19
not yet calculated
CVE-2020-10254
MISC
CONFIRM
MISC
owncloud — owncloud
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
2021-02-19
not yet calculated
CVE-2020-10252
MISC
CONFIRM
MISC
pelco — digital_sentry_server
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered.
2021-02-16
not yet calculated
CVE-2021-27232
MISC
MISC
phpgurukul — car_rental_project
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.
2021-02-17
not yet calculated
CVE-2021-26809
MISC
MISC
pi-hole — pi-hole
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.
2021-02-18
not yet calculated
CVE-2020-35592
MISC
MISC
pi-hole — pi-hole
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user’s account through the active session.
2021-02-18
not yet calculated
CVE-2020-35591
MISC
MISC
pimcore — pimcore
This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=[filename]. Since the exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.
2021-02-18
not yet calculated
CVE-2021-23340
MISC
MISC
MISC
pnglmg — pnglmg
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.
2021-02-20
not yet calculated
CVE-2020-28248
MISC
MISC
MISC
MISC
powerlogic — multiple_products
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.
2021-02-19
not yet calculated
CVE-2021-22701
MISC
powerlogic — multiple_products
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.
2021-02-19
not yet calculated
CVE-2021-22703
MISC
powerlogic — multiple_products
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.
2021-02-19
not yet calculated
CVE-2021-22702
MISC
pressbooks — pressbooks
PressBooks 5.17.3 contains a cross-site scripting (XSS) vulnerability. Stored XSS can be submitted via the Book Info’s Long Description Body, and all actions to open or preview the books page will result in triggering the stored XSS.
2021-02-18
not yet calculated
CVE-2021-3271
MISC
MISC
MISC
prism-asciidoc — prism-asciidoc
The package prismjs before 1.23.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.
2021-02-18
not yet calculated
CVE-2021-23341
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
property_management_system — property_management_system
Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.
2021-02-17
not yet calculated
CVE-2021-22858
CONFIRM
MISC
prototype_pollution — prototype_pollution
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge.
2021-02-18
not yet calculated
CVE-2020-28499
CONFIRM
CONFIRM
CONFIRM
qlib — qlib
This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.
2021-02-15
not yet calculated
CVE-2021-23338
MISC
MISC
qnap — nas_devices
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS); Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS).
2021-02-17
not yet calculated
CVE-2020-2501
MISC
qnap — photo_station
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QNAP has already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.11 and later.
2021-02-17
not yet calculated
CVE-2020-2502
MISC
racom — midge_firmware
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.
2021-02-16
not yet calculated
CVE-2021-20074
MISC
racom — midge_firmware
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication.
2021-02-16
not yet calculated
CVE-2021-20067
MISC
racom — midge_firmware
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.
2021-02-16
not yet calculated
CVE-2021-20073
MISC
racom — midge_firmware
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traversal.
2021-02-16
not yet calculated
CVE-2021-20072
MISC
reportlab — reportlab
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see Reportlab’s documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceeded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF
2021-02-18
not yet calculated
CVE-2020-28463
CONFIRM
CONFIRM
rust — rust
An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free.
2021-02-18
not yet calculated
CVE-2021-27377
MISC
rust — rust
An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures.
2021-02-18
not yet calculated
CVE-2021-27376
MISC
rust — rust
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.
2021-02-18
not yet calculated
CVE-2021-27378
MISC
sangoma — asterisk
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.
2021-02-18
not yet calculated
CVE-2021-26717
MISC
FULLDISC
MISC
CONFIRM
CONFIRM
sangoma — asterisk
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
2021-02-19
not yet calculated
CVE-2021-26713
MISC
MISC
MISC
sangoma — asterisk
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows a remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
2021-02-18
not yet calculated
CVE-2020-35776
MISC
FULLDISC
CONFIRM
MISC
CONFIRM
sangoma — asterisk
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
2021-02-18
not yet calculated
CVE-2021-26712
MISC
FULLDISC
MISC
CONFIRM
CONFIRM
secomea — gatemanager
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c
2021-02-15
not yet calculated
CVE-2020-29031
MISC
secomea — gatemanager
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.
2021-02-15
not yet calculated
CVE-2020-29026
MISC
secomea — gatemanager
Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.
2021-02-16
not yet calculated
CVE-2020-29024
MISC
secomea — gatemanager
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim’s computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.
2021-02-16
not yet calculated
CVE-2020-29023
MISC
CONFIRM
secomea — gatemanager
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3
2021-02-16
not yet calculated
CVE-2020-29022
MISC
smartstorenet — smartstorenet
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account).
2021-02-19
not yet calculated
CVE-2020-27997
MISC
MISC
soar — cloud_system
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.
2021-02-17
not yet calculated
CVE-2021-22855
CONFIRM
MISC
soar — cloud_system
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.
2021-02-17
not yet calculated
CVE-2021-22853
CONFIRM
MISC
soar — cloud_system
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.
2021-02-17
not yet calculated
CVE-2021-22854
CONFIRM
MISC
steghide — steghide
steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.
2021-02-15
not yet calculated
CVE-2021-27211
MISC
MISC
MISC
sytech — xl_reporter
An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.
2021-02-19
not yet calculated
CVE-2020-13549
MISC
teachers_record_management_system — teachers_record_management_system
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in ‘searchteacher’ POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
2021-02-15
not yet calculated
CVE-2021-26822
MISC
MISC
tesla — solarcity_solar_monitoring_gateway
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a “Use of Hard-coded Credentials” issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.
2021-02-18
not yet calculated
CVE-2020-9306
CONFIRM
MISC
MISC
MISC
testes_de_codigo — testes_de_codigo
Mobile application “Testes de Codigo” 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering with the boolean value of parameters “isAdmin” and “isPremium” located on device storage.
2021-02-16
not yet calculated
CVE-2021-25648
MISC
three — three
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three'); function build_blank(n) { var ret = "rgb("; for (var i = 0; i < n; i++) { ret += " "; } return ret + ""; } var Color = three.Color; var time = Date.now(); new Color(build_blank(50000)); var time_cost = Date.now() - time; console.log(time_cost + " ms");
2021-02-18
not yet calculated
CVE-2020-28496
MISC
MISC
MISC
MISC
traefik — traefik
Traefik before 2.4.5 allows the loading of IFRAME elements from other domains.
2021-02-18
not yet calculated
CVE-2021-27375
MISC
CONFIRM
uap-core — uap-core
uap-core is an open-source npm package which contains the core of BrowserScope’s original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc. which depend upon uap-core follow different version schemes.
2021-02-16
not yet calculated
CVE-2021-21317
MISC
CONFIRM
MISC
uprism — uprism
A vulnerability of uPrism.io CURIX (video conferencing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input (server domain) validation. An attacker could exploit this vulnerability through a crafted URL.
2021-02-17
not yet calculated
CVE-2020-7849
MISC
vertigis — weboffice
VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve “access to contents of the WebOffice application.”
2021-02-17
not yet calculated
CVE-2021-27374
MISC
MISC
visualware — myconnection_server
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.
2021-02-19
not yet calculated
CVE-2021-27509
MISC
voloko — twitter-stream
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
2021-02-19
not yet calculated
CVE-2020-24392
MISC
MISC
voloko — twitter-stream
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.
2021-02-19
not yet calculated
CVE-2020-24393
MISC
MISC
webware — webdesktop
SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server.
2021-02-19
not yet calculated
CVE-2021-3204
MISC
wireshark — wireshark
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
2021-02-17
not yet calculated
CVE-2021-22174
CONFIRM
MISC
MISC
wireshark — wireshark
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
2021-02-17
not yet calculated
CVE-2021-22173
CONFIRM
MISC
MISC
xen — xen
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565.
2021-02-18
not yet calculated
CVE-2021-27379
MISC
yeastar — neogate_devices
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key.
2021-02-19
not yet calculated
CVE-2021-27328
MISC
MISC
zoho — manageengine_adselfservice_plus
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
2021-02-19
not yet calculated
CVE-2021-27214
MISC
MISC
netgear — ac2100_firmware | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 firmware version 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355. | 2021-02-12 | 8.3 | CVE-2020-27866 MISC MISC |
netgear — cbk40_firmware | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076. | 2021-02-12 | 8.3 | CVE-2020-27861 MISC MISC |
pelco — digital_sentry_server | DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn’t check if it’s being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with “OBJECT classid=” and “<SCRIPT language=’vbscript’>”) to overwrite arbitrary files. | 2021-02-12 | 8.8 | CVE-2021-27197 MISC MISC |
pystemon_project — pystemon | config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used. | 2021-02-14 | 7.5 | CVE-2021-27213 MISC MISC |
qognify — ocularis | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-11257. | 2021-02-12 | 10 | CVE-2020-27868 MISC MISC |
racom — m!dge_cellular_router_firmware | Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. | 2021-02-16 | 7.2 | CVE-2021-20075 MISC |
sdg — pnpscada | PNPSCADA 2.200816204020 allows SQL injection via parameter ‘interf’ in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | 2021-02-16 | 7.5 | CVE-2020-24841 MISC MISC |
solarwinds — network_performance_monitor | This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804. | 2021-02-12 | 9 | CVE-2020-27869 MISC |
zscaler — client_connector | The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. | 2021-02-16 | 7.2 | CVE-2020-11635 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advantech — webaccess/scada | A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. | 2021-02-17 | 4 | CVE-2020-13550 MISC |
apache — thrift | In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | 2021-02-12 | 5 | CVE-2020-13949 MLIST MLIST MLIST MLIST MLIST MISC MLIST MLIST MLIST MLIST MLIST |
atlassian — data_center | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. | 2021-02-15 | 5 | CVE-2020-36237 MISC |
atlassian — data_center | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1. | 2021-02-15 | 4 | CVE-2020-29451 MISC |
atlassian — jira | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1. | 2021-02-15 | 5 | CVE-2020-36235 MISC |
atlassian — jira | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | 2021-02-15 | 4.3 | CVE-2020-36236 MISC |
changjia_property_management_system_project — changjia_property_management_system | The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege. | 2021-02-17 | 5 | CVE-2021-22856 CONFIRM MISC |
changjia_property_management_system_project — changjia_property_management_system | The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily. | 2021-02-17 | 5 | CVE-2021-22857 CONFIRM MISC |
deepnetsecurity — dualshield | DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an “unknown username” error message. | 2021-02-16 | 5 | CVE-2020-28918 MISC MISC |
dlink — dva-2800_firmware | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. When parsing the path parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-10911. | 2021-02-12 | 5.8 | CVE-2020-27862 MISC MISC |
elecom — file_manager | Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors. | 2021-02-12 | 6.4 | CVE-2021-20651 MISC MISC |
elecom — ld-ps/u1_firmware | Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request. | 2021-02-12 | 5 | CVE-2021-20643 MISC MISC |
elecom — ncc-ewf100rmwh2_firmware | Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. | 2021-02-12 | 4.3 | CVE-2021-20650 MISC MISC |
elecom — wrc-1467ghbk-a_firmware | ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user’s web browser by displaying a specially crafted SSID on the web setup page. | 2021-02-12 | 4.3 | CVE-2021-20644 MISC MISC |
elecom — wrc-300febk-a_firmware | Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | 2021-02-12 | 4.3 | CVE-2021-20645 MISC MISC |
elecom — wrc-300febk-a_firmware | Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. | 2021-02-12 | 4.3 | CVE-2021-20646 MISC MISC |
elecom — wrc-300febk-s_firmware | ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device. | 2021-02-12 | 5.8 | CVE-2021-20649 MISC MISC |
elecom — wrc-300febk-s_firmware | Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. | 2021-02-12 | 4.3 | CVE-2021-20647 MISC MISC |
f5 — access_policy_manager_clients | In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 6.9 | CVE-2021-22980 MISC |
f5 — big-ip_access_policy_manager | On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 4.3 | CVE-2021-22979 MISC |
f5 — big-ip_access_policy_manager | On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 4.3 | CVE-2021-22975 MISC |
f5 — big-ip_access_policy_manager | On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 6 | CVE-2021-22974 MISC |
f5 — big-ip_access_policy_manager | On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 5.8 | CVE-2021-22981 MISC |
f5 — big-ip_access_policy_manager | On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 5 | CVE-2021-22977 MISC |
f5 — big-ip_access_policy_manager | On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 5 | CVE-2021-22973 MISC |
f5 — big-ip_advanced_web_application_firewall | On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 5 | CVE-2021-22976 MISC |
f5 — big-ip_advanced_web_application_firewall | On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving an unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 5.8 | CVE-2021-22984 MISC |
f5 — big-ip_domain_name_system | On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 6.5 | CVE-2021-22982 MISC |
foxitsoftware — foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11727. | 2021-02-12 | 6.8 | CVE-2020-27860 MISC MISC |
horde — groupware | An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses. | 2021-02-14 | 4.3 | CVE-2021-26929 MISC MLIST CONFIRM MISC MISC |
ibm — spectrum_protect_operations_center | IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155. | 2021-02-15 | 5.2 | CVE-2020-4955 XF CONFIRM |
ibm — spectrum_protect_operations_center | IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation. By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153. | 2021-02-15 | 4.8 | CVE-2020-4954 XF CONFIRM |
logitec — lan-w300n/pr5b_firmware | Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted. | 2021-02-12 | 4.3 | CVE-2021-20636 MISC MISC |
logitec — lan-w300n/pr5b_firmware | Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. | 2021-02-12 | 4.3 | CVE-2021-20637 MISC MISC |
logitec — lan-w300n/rs_firmware | Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted. | 2021-02-12 | 4.3 | CVE-2021-20641 MISC MISC |
logitec — lan-w300n/rs_firmware | Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. | 2021-02-12 | 4.3 | CVE-2021-20642 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account. | 2021-02-16 | 4 | CVE-2020-35568 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php. | 2021-02-16 | 5.8 | CVE-2020-35560 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The brute-force detection for the login pages is disabled by default. | 2021-02-16 | 5 | CVE-2020-35565 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code. | 2021-02-16 | 5 | CVE-2020-35564 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users. | 2021-02-16 | 4 | CVE-2020-35559 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials. | 2021-02-16 | 5 | CVE-2020-35558 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing. | 2021-02-16 | 5 | CVE-2020-35570 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page. | 2021-02-16 | 4.3 | CVE-2020-35569 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports. | 2021-02-16 | 5 | CVE-2020-35561 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances. | 2021-02-16 | 4.6 | CVE-2020-35567 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.2. Improper use of access validation allows a logged-in user to see devices in the account he should not have access to. | 2021-02-16 | 4 | CVE-2020-35557 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An attacker can read arbitrary JSON files via Local File Inclusion. | 2021-02-16 | 5 | CVE-2020-35566 MISC MISC |
nagios — nagios_xi | Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server. | 2021-02-15 | 4.3 | CVE-2021-25299 MISC MISC MISC |
online_book_store_project — online_book_store | The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases. | 2021-02-17 | 5 | CVE-2020-36003 MISC MISC MISC |
open-emr — openemr | A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings. | 2021-02-15 | 6.5 | CVE-2020-29142 MISC MISC MISC MISC MISC |
openzfs — openzfs | An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied. | 2021-02-12 | 5 | CVE-2013-20001 MISC MISC |
php — php | In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. | 2021-02-15 | 5 | CVE-2021-21702 CONFIRM DEBIAN |
php — php | In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating a URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept a URL with an invalid password as a valid URL. This may lead to functions that rely on the URL being valid to mis-parse the URL and produce wrong data as components of the URL. | 2021-02-15 | 5 | CVE-2020-7071 CONFIRM DEBIAN |
seat-reservation-system_project — seat-reservation-system | Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id and file parameters where attackers can obtain sensitive database information. | 2021-02-17 | 5 | CVE-2020-36002 MISC MISC MISC |
secomea — sitemanager_embedded | A vulnerability in the SiteManager-Embedded (SM-E) Web server may allow an attacker to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application. This issue affects all versions and variants of SM-E prior to version 9.3. | 2021-02-16 | 4.3 | CVE-2020-29025 MISC |
tp-link — archer_c5v_firmware | TP-Link Archer C5v 1.7_181221 devices allow remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. | 2021-02-13 | 4 | CVE-2021-27210 MISC |
xn--b1agzlht — fx_aggregator_terminal_client | The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim’s account. | 2021-02-12 | 5 | CVE-2021-27188 MISC MISC |
xn--b1agzlht — fx_aggregator_terminal_client | The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked. | 2021-02-12 | 5 | CVE-2021-27187 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
atlassian — data_center | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | 2021-02-15 | 3.5 | CVE-2020-36234 N/A |
blackcat-cms — blackcat_cms | The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. | 2021-02-16 | 3.5 | CVE-2021-27237 MISC MISC MISC |
dlink — dva-2800_firmware | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10912. | 2021-02-12 | 3.3 | CVE-2020-27863 MISC MISC |
f5 — big-ip_access_policy_manager | On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 2.6 | CVE-2021-22978 MISC |
f5 — big-ip_advanced_firewall_manager | On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | 2021-02-12 | 3.5 | CVE-2021-22983 MISC |
ibm — maximo_for_civil_infrastructure | IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622. | 2021-02-18 | 3.5 | CVE-2021-20446 XF CONFIRM |
ibm — spectrum_protect_operations_center | IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by an RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156. | 2021-02-15 | 2.3 | CVE-2020-4956 XF CONFIRM |
logitec — lan-wh450n/gr_firmware | Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. | 2021-02-12 | 3.3 | CVE-2021-20635 MISC MISC |
mbconnectline — mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page. | 2021-02-16 | 3.5 | CVE-2020-35563 MISC MISC |
nfstream — nfstream | An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS). | 2021-02-16 | 2.1 | CVE-2020-25340 MISC |
peel — peel_shopping | A stored cross-site scripting (XSS) vulnerability was discovered in PEEL SHOPPING 9.3.0, which is publicly available. User-supplied input containing a polyglot payload is echoed back in JavaScript code in the HTML response. This allows an attacker to input malicious JavaScript that can steal cookies, redirect users to other malicious websites, etc. | 2021-02-12 | 3.5 | CVE-2021-27190 MISC MISC MISC |
racom — m!dge_cellular_router_firmware | Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the sms.php dialogs. | 2021-02-16 | 3.5 | CVE-2021-20071 MISC |
racom — m!dge_cellular_router_firmware | Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the virtualization.php dialogs. | 2021-02-16 | 3.5 | CVE-2021-20070 MISC |
racom — m!dge_cellular_router_firmware | Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs. | 2021-02-16 | 3.5 | CVE-2021-20069 MISC |
racom — m!dge_cellular_router_firmware | Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages. | 2021-02-16 | 3.5 | CVE-2021-20068 MISC |
secomea — sitemanager_1129_firmware | Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3. | 2021-02-16 | 3.5 | CVE-2020-29027 MISC |
tp-link — archer_c5v_firmware | In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP. | 2021-02-13 | 3.6 | CVE-2021-27209 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
74cms — 74cms | In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. | 2021-02-17 | not yet calculated | CVE-2020-35339 MISC MISC |
activepresenter — activepresenter | ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution. | 2021-02-15 | not yet calculated | CVE-2021-3375 MISC |
agora — video_sdk | Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic. | 2021-02-17 | not yet calculated | CVE-2020-25605 MISC MISC |
alfresco_enterprise — content_management | An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco. | 2021-02-19 | not yet calculated | CVE-2020-12873 MISC MISC |
amaze — file_manager | Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | 2021-02-19 | not yet calculated | CVE-2020-36246 MISC MISC |
apache — airflow | The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0. | 2021-02-17 | not yet calculated | CVE-2021-26697 MLIST MLIST MISC MLIST MLIST |
apache — airflow | Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0. | 2021-02-17 | not yet calculated | CVE-2021-26559 MLIST MISC MLIST |
apache — myfaces | In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application. | 2021-02-19 | not yet calculated | CVE-2021-26296 FULLDISC MISC |
askey — multiple_devices | Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. | 2021-02-19 | not yet calculated | CVE-2021-27403 MISC |
askey — multiple_devices | Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. | 2021-02-19 | not yet calculated | CVE-2021-27404 MISC |
async-git — async-git | The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset(‘atouch HACKEDb’) | 2021-02-18 | not yet calculated | CVE-2020-28490 MISC MISC MISC |
atlassian — bitbucket_server_and_data_center | The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | 2021-02-18 | not yet calculated | CVE-2020-36233 MISC CERT-VN |
baby_care_system — baby_care_system | Baby Care System v1.0 is vulnerable to SQL injection via the ‘id’ parameter on the contentsectionpage.php page. | 2021-02-17 | not yet calculated | CVE-2021-25779 MISC |
baby_care_system — baby_care_system | An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by a remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell. | 2021-02-17 | not yet calculated | CVE-2021-25780 MISC |
batflat — batflat | ** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user’s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-02-15 | not yet calculated | CVE-2020-35734 MISC MISC MISC MISC |
bind — multiple_products | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND’s default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch. | 2021-02-17 | not yet calculated | CVE-2020-8625 MLIST MLIST CONFIRM MLIST DEBIAN |
bloodhound — bloodhound | components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter. | 2021-02-19 | not yet calculated | CVE-2021-3210 MISC MISC MISC |
bolt — bolt | Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. | 2021-02-17 | not yet calculated | CVE-2021-27367 MISC MISC |
canary_mail — canary_mail | core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. | 2021-02-17 | not yet calculated | CVE-2021-26911 MLIST MISC MISC MISC CONFIRM MISC |
casap — automated_enrollment_system | The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page. | 2021-02-15 | not yet calculated | CVE-2021-26201 MISC |
centreon — 19.10-e17 | Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. | 2021-02-15 | not yet calculated | CVE-2020-22425 MISC MISC |
chamilo — chamilo | Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. | 2021-02-19 | not yet calculated | CVE-2021-26746 CONFIRM MISC MISC |
checkmk — checkmk | Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory. | 2021-02-19 | not yet calculated | CVE-2020-24908 MISC |
cisco — anyconnect_secure_mobility_client | A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. | 2021-02-17 | not yet calculated | CVE-2021-1366 CISCO |
cisco — csdj | Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors. | 2021-02-17 | not yet calculated | CVE-2021-20653 MISC MISC |
cisco — identity_services_engine | Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-02-17 | not yet calculated | CVE-2021-1416 CISCO |
cisco — identity_services_engine | Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-02-17 | not yet calculated | CVE-2021-1412 CISCO |
cisco — staros | A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device. | 2021-02-17 | not yet calculated | CVE-2021-1378 CISCO |
cisco — webex_meetings | A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2021-02-17 | not yet calculated | CVE-2021-1351 CISCO |
cisco — webex_meetings_desktop_app_and_webex_productivity_tools | A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system. | 2021-02-17 | not yet calculated | CVE-2021-1372 CISCO |
com.typesafe.akka:akka-http-core — com.typesafe.akka:akka-http-core | This affects all versions of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers. | 2021-02-17 | not yet calculated | CVE-2021-23339 MISC MISC |
d-bus — d-bus | A use-after-free flaw was found in D-Bus 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors. | 2021-02-15 | not yet calculated | CVE-2020-35512 MISC |
das — u-boot | The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. | 2021-02-17 | not yet calculated | CVE-2021-27138 MISC MISC MISC |
das — u-boot | The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. | 2021-02-17 | not yet calculated | CVE-2021-27097 MISC MISC MISC |
debian — avahi_package | avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product. | 2021-02-17 | not yet calculated | CVE-2021-26720 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
dekart — private_disk | In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing. | 2021-02-16 | not yet calculated | CVE-2021-27203 MISC MISC |
dell — emc_avamar_server | Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users’ backup data. | 2021-02-15 | not yet calculated | CVE-2021-21511 CONFIRM |
dell — emc_powerprotect_cyber_recovery | Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. | 2021-02-19 | not yet calculated | CVE-2021-21512 MISC |
digi — connectport_x2e | Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | 2021-02-18 | not yet calculated | CVE-2020-12878 MISC MISC MISC |
digium — asterisk | An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure. | 2021-02-18 | not yet calculated | CVE-2021-26906 MISC FULLDISC MISC CONFIRM CONFIRM |
dji — mavic_2_remote_controller | A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. | 2021-02-18 | not yet calculated | CVE-2020-29664 MISC MISC MISC MISC |
docsify — docsify | This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters | 2021-02-19 | not yet calculated | CVE-2021-23342 FULLDISC MISC MISC MISC |
doctor_appointment_system — doctor_appointment_system | SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack. | 2021-02-18 | not yet calculated | CVE-2021-27124 MISC MISC MISC |
e-learning_system — e-learning_system | E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell. | 2021-02-15 | not yet calculated | CVE-2021-3239 MISC MISC MISC |
endalia — selection_portal | In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number). | 2021-02-18 | not yet calculated | CVE-2020-35577 MISC MISC |
endian — firewall_community | Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment. | 2021-02-15 | not yet calculated | CVE-2021-27201 MISC MISC MISC |
fedora_project — fedora_33 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. | 2021-02-15 | not yet calculated | CVE-2021-23336 MLIST MISC MLIST FEDORA FEDORA MISC MISC |
filezen — filezen | FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | 2021-02-17 | not yet calculated | CVE-2021-20655 MISC MISC |
finalwire — aida64_engineer | Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. | 2021-02-19 | not yet calculated | CVE-2020-19513 EXPLOIT-DB |
friendica — friendica | Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names. | 2021-02-18 | not yet calculated | CVE-2021-27329 MISC |
fuji — electric_v-server_lite | The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. | 2021-02-19 | not yet calculated | CVE-2020-25171 MISC |
ge-digital — hmi/scada_ifix | HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation. | 2021-02-18 | not yet calculated | CVE-2019-18255 MISC |
ge-digital — hmi/scada_ifix | HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation. | 2021-02-18 | not yet calculated | CVE-2019-18243 MISC |
gerrit — gerrit_servers | Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above. | 2021-02-17 | not yet calculated | CVE-2021-22553 CONFIRM |
gnome — glib | An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. | 2021-02-15 | not yet calculated | CVE-2021-27218 MISC MISC |
gnome — glib | An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | 2021-02-15 | not yet calculated | CVE-2021-27219 MISC |
google — android | The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. | 2021-02-19 | not yet calculated | CVE-2021-27351 MISC |
gramaddict — gramaddict | GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network. | 2021-02-17 | not yet calculated | CVE-2020-36245 MISC |
hestia — control_panel | Hestia Control Panel through 1.3.3, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer’s domain name, leading to spoofing of services or email messages. | 2021-02-16 | not yet calculated | CVE-2021-27231 MISC MISC |
hilscher — ethernet/ip_core_v2 | A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21 that may lead to code injection through network or make devices crash without recovery. | 2021-02-16 | not yet calculated | CVE-2021-20987 CONFIRM CONFIRM |
hilscher — profinet_io_device_v3 | A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication. | 2021-02-16 | not yet calculated | CVE-2021-20986 CONFIRM CONFIRM |
ibm — jazz_reporting_service | IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751. | 2021-02-18 | not yet calculated | CVE-2020-4933 XF CONFIRM |
ibm — maximo_for_civil_infrastructure | IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storage of authentication credentials. IBM X-Force ID: 196621. | 2021-02-18 | not yet calculated | CVE-2021-20445 XF CONFIRM |
ibm — maximo_for_civil_infrastructure | IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620. | 2021-02-18 | not yet calculated | CVE-2021-20444 XF CONFIRM |
ibm — maximo_for_civil_infrastructure | IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619. | 2021-02-18 | not yet calculated | CVE-2021-20443 XF CONFIRM |
ibm — websphere_application_server | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. | 2021-02-18 | not yet calculated | CVE-2021-20354 XF CONFIRM |
intel — 10th_generation_core_processors | Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access. | 2021-02-17 | not yet calculated | CVE-2020-24491 MISC |
intel — 700-series_ethernet_controllers | Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24495 MISC |
intel — 700-series_ethernet_controllers | Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 8.0 may allow a privileged user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24493 MISC |
intel — 700-series_ethernet_controllers | Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24505 MISC |
intel — 722_ethernet_controllers | Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24496 MISC |
intel — 722_ethernet_controllers | Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24494 MISC |
intel — 722_ethernet_controllers | Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24492 MISC |
intel — 7360_cell_modem | Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem before UDE version 9.4.370 may allow unauthenticated user to potentially enable denial of service via network access. | 2021-02-17 | not yet calculated | CVE-2020-24482 MISC |
intel — collaboration_suite | Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | 2021-02-17 | not yet calculated | CVE-2020-12339 MISC |
intel — e810_ethernet_adaptor_driver | Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24502 MISC |
intel — e810_ethernet_adaptor_drivers | Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24504 MISC |
intel — e810_ethernet_adaptor_drivers | Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access. | 2021-02-17 | not yet calculated | CVE-2020-24503 MISC |
intel — e810_ethernet_controllers | Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24497 MISC |
intel — e810_ethernet_controllers | Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24498 MISC |
intel — e810_ethernet_controllers | Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24500 MISC |
intel — e810_ethernet_controllers | Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2021-02-17 | not yet calculated | CVE-2020-24501 MISC |
intel — epid_sdk | Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-24453 MISC |
intel — ethernet_i210_controller | Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-0523 MISC |
intel — ethernet_i210_controller | Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-0525 MISC |
intel — ethernet_i210_controller | Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-0524 MISC |
intel — ethernet_i210_controller | Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-0522 MISC |
intel — graphics_driver | Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-8678 MISC |
intel — graphics_drivers | Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-0544 MISC |
intel — graphics_drivers | Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-12386 MISC |
intel — graphics_drivers | Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-12370 MISC |
intel — graphics_drivers | Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-12367 MISC |
intel — graphics_drivers | Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-12365 MISC |
intel — graphics_drivers | Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-12366 MISC |
intel — graphics_drivers | Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-12373 MISC |
intel — graphics_drivers |
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-12364 MISC |
intel — graphics_drivers |
Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-12368 MISC |
intel — graphics_drivers |
Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-12369 MISC |
intel — graphics_drivers |
Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-24450 MISC |
intel — graphics_drivers |
Divide by zero in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-12371 MISC |
intel — graphics_drivers |
Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-12372 MISC |
intel — graphics_drivers |
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-12362 MISC |
intel — graphics_drivers |
Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-12361 MISC |
intel — graphics_drivers |
Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-12384 MISC |
intel — graphics_drivers |
Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-12385 MISC |
intel — graphics_drivers |
Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24448 MISC |
intel — graphics_drivers |
Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-0521 MISC |
intel — graphics_drivers |
Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-12363 MISC |
intel — graphics_driver |
Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-24462 MISC |
intel — hd_graphics_control_panel |
Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-0518 MISC |
intel — multiple_products | Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-12380 MISC |
intel — multiple_products | Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access. | 2021-02-17 | not yet calculated | CVE-2020-12376 MISC |
intel — multiple_products | Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-12377 MISC |
intel — multiple_products |
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-02-19 | not yet calculated | CVE-2020-12374 MISC |
intel — multiple_products |
Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-12375 MISC |
intel — optane_dc_persistent_memory |
Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-24451 MISC |
intel — proset/wireless_wifi_and_killer_drivers |
Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service via adjacent access. | 2021-02-17 | not yet calculated | CVE-2020-24458 MISC |
intel — quartus_prime_pro |
Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-24481 MISC |
intel — realsense_dcm | Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-8765 MISC |
intel — sgx_platform_software |
Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24452 MISC |
intel — soc_driver |
Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2021-0109 MISC |
intel — ssd_toolbox |
Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-8701 MISC |
intel — trace_analyzer_and_collector |
Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-02-17 | not yet calculated | CVE-2020-24485 MISC |
intel — xtu |
Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access. | 2021-02-17 | not yet calculated | CVE-2020-24480 MISC |
irfanview — irfanview | The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code. | 2021-02-17 | not yet calculated | CVE-2021-27362 MISC MISC |
irfanview — irfanview |
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code. | 2021-02-17 | not yet calculated | CVE-2021-27224 MISC MISC MISC |
jackson-dataformat-cbor — jackson-dataformat-cbor |
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. | 2021-02-18 | not yet calculated | CVE-2020-28491 CONFIRM CONFIRM CONFIRM |
jinjava — jinjava |
Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure. | 2021-02-19 | not yet calculated | CVE-2020-12668 MISC MISC MISC MISC MISC |
jsdom — jsdom |
JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled. | 2021-02-16 | not yet calculated | CVE-2021-20066 MISC |
kollectapps — kollectapps |
KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. | 2021-02-18 | not yet calculated | CVE-2021-27335 MISC |
less-openui5 — less-openui5 |
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. `*.less` files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library it is an unexpected behavior in the context of OpenUI5 and SAPUI5 development. Especially in the context of UI5 Tooling which relies on less-openui5. An attacker might create a library or theme-library containing a custom control or theme, hiding malicious JavaScript code in one of the .less files. Refer to the referenced GHSA-3crj-w4f5-gwh4 for examples. Starting with Less.js version 3.0.0, the Inline JavaScript feature is disabled by default. less-openui5 however currently uses a fork of Less.js v1.6.3. Note that disabling the Inline JavaScript feature in Less.js versions 1.x, still evaluates code has additional double codes around it. We decided to remove the inline JavaScript evaluation feature completely from the code of our Less.js fork. This fix is available in less-openui5 version 0.10.0. | 2021-02-16 | not yet calculated | CVE-2021-21316 MISC MISC MISC CONFIRM MISC |
library_system — library_system |
The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user. | 2021-02-15 | not yet calculated | CVE-2021-26200 MISC |
linux — linux_kernel |
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory. | 2021-02-17 | not yet calculated | CVE-2021-26933 MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn’t stated accordingly in its support status entry. | 2021-02-17 | not yet calculated | CVE-2021-26934 MISC |
linux — linux_kernel |
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if the sco_sock_getsockopt function in net/bluetooth/sco.c does not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information. | 2021-02-19 | not yet calculated | CVE-2020-35499 MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn’t mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. | 2021-02-17 | not yet calculated | CVE-2021-26930 MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn’t correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. | 2021-02-17 | not yet calculated | CVE-2021-26931 MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. | 2021-02-17 | not yet calculated | CVE-2021-26932 MISC |
livy — livy |
Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users’ sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating. | 2021-02-20 | not yet calculated | CVE-2021-26544 MLIST CONFIRM CONFIRM |
lodash — lodash |
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template. | 2021-02-15 | not yet calculated | CVE-2021-23337 MISC MISC MISC MISC MISC MISC MISC |
lodash — lodash |
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require('lodash'); function build_blank (n) { var ret = "1"; for (var i = 0; i < n; i++) { ret += " "; } return ret + "1"; } var s = build_blank(50000); var time0 = Date.now(); lo.trim(s); var time_cost0 = Date.now() - time0; console.log("time_cost0: " + time_cost0); var time1 = Date.now(); lo.toNumber(s); var time_cost1 = Date.now() - time1; console.log("time_cost1: " + time_cost1); var time2 = Date.now(); lo.trimEnd(s); var time_cost2 = Date.now() - time2; console.log("time_cost2: " + time_cost2); | 2021-02-15 | not yet calculated | CVE-2020-28500 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
mailtrain — mailtrain |
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped. | 2021-02-19 | not yet calculated | CVE-2020-24617 MISC MISC |
mcafee — web_gateway |
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page. | 2021-02-17 | not yet calculated | CVE-2021-23885 CONFIRM |
metasys — reporting_engine_web_services |
Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. | 2021-02-19 | not yet calculated | CVE-2020-9050 CONFIRM CERT |
microweber — microweber |
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file. | 2021-02-15 | not yet calculated | CVE-2020-28337 MISC MISC MISC |
mitsubishi — electric_fa_engineering_software |
Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets. | 2021-02-19 | not yet calculated | CVE-2021-20588 MISC MISC |
mitsubishi — electric_fa_engineering_software |
Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP version 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 version 1.597X and prior, GX Works3 version 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions and SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets. | 2021-02-19 | not yet calculated | CVE-2021-20587 MISC MISC |
modernflow — modernflow |
ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. | 2021-02-19 | not yet calculated | CVE-2021-3339 MISC MISC |
mumble — mumble |
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | 2021-02-16 | not yet calculated | CVE-2021-27229 MISC MISC MISC MLIST |
mutare — voice | An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue. | 2021-02-16 | not yet calculated | CVE-2021-27233 MISC |
mutare — voice |
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database. | 2021-02-16 | not yet calculated | CVE-2021-27235 MISC |
mutare — voice |
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp. | 2021-02-16 | not yet calculated | CVE-2021-27234 MISC |
mutare — voice |
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution. | 2021-02-16 | not yet calculated | CVE-2021-27236 MISC |
nagios — xi_5.7.2 |
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query. | 2021-02-15 | not yet calculated | CVE-2020-24899 MISC |
nagiosxi — 5.6.11 |
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a request. | 2021-02-15 | not yet calculated | CVE-2020-22427 MISC |
netis — multiple_devices |
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. | 2021-02-18 | not yet calculated | CVE-2021-26747 MISC MISC |
node.js — node.js | A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js. | 2021-02-19 | not yet calculated | CVE-2021-27405 MISC MISC MISC |
node.js — node.js | The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. | 2021-02-19 | not yet calculated | CVE-2021-3189 MISC MISC |
node.js — node.js |
The System Information Library for Node.JS (npm package “systeminformation”) is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() … do only allow strings, reject any arrays. String sanitation works as expected. | 2021-02-16 | not yet calculated | CVE-2021-21315 MISC CONFIRM MISC |
ondemand — ondemand |
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. | 2021-02-19 | not yet calculated | CVE-2020-36247 MISC |
opc_ua.net — opc_ua.net |
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates. | 2021-02-16 | not yet calculated | CVE-2020-29457 MISC CONFIRM MISC |
opencast — opencast |
Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial of access for all users without superuser privileges, effectively hiding the series. Access to series and series metadata on the search service (shown in media module and player) depends on the events published which are part of the series. Publishing an event will automatically publish a series and update access to it. Removing an event or republishing the event should do the same. Affected versions of Opencast may not update the series access or remove a published series if an event is being removed. On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast 9.2. | 2021-02-18 | not yet calculated | CVE-2021-21318 MISC CONFIRM |
openemr — openemr |
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | 2021-02-15 | not yet calculated | CVE-2020-29140 MISC MISC MISC MISC MISC |
openemr — openemr |
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | 2021-02-15 | not yet calculated | CVE-2020-29143 MISC MISC MISC MISC |
openemr — openemr |
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter. | 2021-02-15 | not yet calculated | CVE-2020-29139 MISC MISC MISC MISC |
openldap — openldap |
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. | 2021-02-14 | not yet calculated | CVE-2021-27212 MISC MISC MISC MLIST |
opennms — meridian |
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions. | 2021-02-17 | not yet calculated | CVE-2021-3396 MISC CONFIRM |
openrepeater — openrepeater |
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. | 2021-02-19 | not yet calculated | CVE-2019-25024 MISC MISC |
openssl — openssl | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | 2021-02-16 | not yet calculated | CVE-2021-23841 CONFIRM CONFIRM CONFIRM DEBIAN CONFIRM |
openssl — openssl |
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | 2021-02-16 | not yet calculated | CVE-2021-23840 CONFIRM CONFIRM CONFIRM DEBIAN CONFIRM |
openssl — openssl |
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such a server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list). OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). | 2021-02-16 | not yet calculated | CVE-2021-23839 CONFIRM CONFIRM CONFIRM |
owncloud — owncloud | In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. | 2021-02-19 | not yet calculated | CVE-2020-36250 MISC |
owncloud — owncloud | ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. | 2021-02-19 | not yet calculated | CVE-2020-36252 MISC |
owncloud — owncloud |
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else’s access to that share. | 2021-02-19 | not yet calculated | CVE-2020-36251 MISC |
owncloud — owncloud |
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. | 2021-02-19 | not yet calculated | CVE-2020-36249 MISC |
owncloud — owncloud |
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | 2021-02-19 | not yet calculated | CVE-2020-36248 MISC |
owncloud — owncloud |
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview. | 2021-02-19 | not yet calculated | CVE-2020-10254 MISC CONFIRM MISC |
owncloud — owncloud |
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack. | 2021-02-19 | not yet calculated | CVE-2020-10252 MISC CONFIRM MISC |
pelco — digital_sentry_server |
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered. | 2021-02-16 | not yet calculated | CVE-2021-27232 MISC MISC |
phpgurukul — car_rental_project |
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. | 2021-02-17 | not yet calculated | CVE-2021-26809 MISC MISC |
pi-hole — pi-hole | Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie. | 2021-02-18 | not yet calculated | CVE-2020-35592 MISC MISC |
pi-hole — pi-hole |
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user’s account through the active session. | 2021-02-18 | not yet calculated | CVE-2020-35591 MISC MISC |
pimcore — pimcore |
This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=[filename]. Since the exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability. | 2021-02-18 | not yet calculated | CVE-2021-23340 MISC MISC MISC |
pnglmg — pnglmg |
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file. | 2021-02-20 | not yet calculated | CVE-2020-28248 MISC MISC MISC MISC |
powerlogic — multiple_products |
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface. | 2021-02-19 | not yet calculated | CVE-2021-22701 MISC |
powerlogic — multiple_products |
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device. | 2021-02-19 | not yet calculated | CVE-2021-22703 MISC |
powerlogic — multiple_products |
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device. | 2021-02-19 | not yet calculated | CVE-2021-22702 MISC |
pressbooks — pressbooks |
PressBooks 5.17.3 contains a cross-site scripting (XSS) vulnerability. Stored XSS can be submitted via the Book Info’s Long Description Body, and all actions to open or preview the book's page will result in triggering the stored XSS. | 2021-02-18 | not yet calculated | CVE-2021-3271 MISC MISC MISC |
prism-asciidoc — prism-asciidoc |
The package prismjs before 1.23.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. | 2021-02-18 | not yet calculated | CVE-2021-23341 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
property_management_system — property_management_system |
Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions. | 2021-02-17 | not yet calculated | CVE-2021-22858 CONFIRM MISC |
prototype_pollution — prototype_pollution |
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge. | 2021-02-18 | not yet calculated | CVE-2020-28499 CONFIRM CONFIRM CONFIRM |
qlib — qlib |
This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function. | 2021-02-15 | not yet calculated | CVE-2021-23338 MISC MISC |
qnap — nas_devices |
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS); Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS). | 2021-02-17 | not yet calculated | CVE-2020-2501 MISC |
qnap — photo_station |
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QNAP has already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.11 and later. | 2021-02-17 | not yet calculated | CVE-2020-2502 MISC |
racom — midge_firmware |
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. | 2021-02-16 | not yet calculated | CVE-2021-20074 MISC |
racom — midge_firmware |
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication. | 2021-02-16 | not yet calculated | CVE-2021-20067 MISC |
racom — midge_firmware |
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. | 2021-02-16 | not yet calculated | CVE-2021-20073 MISC |
racom — midge_firmware |
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traversal. | 2021-02-16 | not yet calculated | CVE-2021-20072 MISC |
reportlab — reportlab |
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab’s documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceeded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF | 2021-02-18 | not yet calculated | CVE-2020-28463 CONFIRM CONFIRM |
rust — rust | An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free. | 2021-02-18 | not yet calculated | CVE-2021-27377 MISC |
rust — rust |
An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | 2021-02-18 | not yet calculated | CVE-2021-27376 MISC |
rust — rust |
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. | 2021-02-18 | not yet calculated | CVE-2021-27378 MISC |
sangoma — asterisk | An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash. | 2021-02-18 | not yet calculated | CVE-2021-26717 MISC FULLDISC MISC CONFIRM CONFIRM |
sangoma — asterisk |
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch. | 2021-02-19 | not yet calculated | CVE-2021-26713 MISC MISC MISC |
sangoma — asterisk |
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows a remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. | 2021-02-18 | not yet calculated | CVE-2020-35776 MISC FULLDISC CONFIRM MISC CONFIRM |
sangoma — asterisk |
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. | 2021-02-18 | not yet calculated | CVE-2021-26712 MISC FULLDISC MISC CONFIRM CONFIRM |
secomea — gatemanager | An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c | 2021-02-15 | not yet calculated | CVE-2020-29031 MISC |
secomea — gatemanager |
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c. | 2021-02-15 | not yet calculated | CVE-2020-29026 MISC |
secomea — gatemanager |
Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3. | 2021-02-16 | not yet calculated | CVE-2020-29024 MISC |
secomea — gatemanager |
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim’s computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3. | 2021-02-16 | not yet calculated | CVE-2020-29023 MISC CONFIRM |
secomea — gatemanager |
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3 | 2021-02-16 | not yet calculated | CVE-2020-29022 MISC |
smartstorenet — smartstorenet |
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account). | 2021-02-19 | not yet calculated | CVE-2020-27997 MISC MISC |
soar — cloud_system | The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands. | 2021-02-17 | not yet calculated | CVE-2021-22855 CONFIRM MISC |
soar — cloud_system |
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work. | 2021-02-17 | not yet calculated | CVE-2021-22853 CONFIRM MISC |
soar — cloud_system |
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege. | 2021-02-17 | not yet calculated | CVE-2021-22854 CONFIRM MISC |
steghide — steghide |
steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data. | 2021-02-15 | not yet calculated | CVE-2021-27211 MISC MISC MISC |
sytech — xl_reporter |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation. | 2021-02-19 | not yet calculated | CVE-2020-13549 MISC |
teachers_record_management_system — teachers_record_management_system |
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in ‘searchteacher’ POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks. | 2021-02-15 | not yet calculated | CVE-2021-26822 MISC MISC |
tesla — solarcity_solar_monitoring_gateway |
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a “Use of Hard-coded Credentials” issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. | 2021-02-18 | not yet calculated | CVE-2020-9306 CONFIRM MISC MISC MISC |
testes_de_codigo — testes_de_codigo |
Mobile application “Testes de Codigo” 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering with the boolean value of parameters “isAdmin” and “isPremium” located on device storage. | 2021-02-16 | not yet calculated | CVE-2021-25648 MISC |
three — three |
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three'); function build_blank (n) { var ret = "rgb("; for (var i = 0; i < n; i++) { ret += " "; } return ret + ""; } var Color = three.Color; var time = Date.now(); new Color(build_blank(50000)); var time_cost = Date.now() - time; console.log(time_cost+" ms"); | 2021-02-18 | not yet calculated | CVE-2020-28496 MISC MISC MISC MISC |
traefik — traefik |
Traefik before 2.4.5 allows the loading of IFRAME elements from other domains. | 2021-02-18 | not yet calculated | CVE-2021-27375 MISC CONFIRM |
uap-core — uap-core |
uap-core is an open-source npm package which contains the core of BrowserScope’s original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc. which depend upon uap-core follow different version schemes. | 2021-02-16 | not yet calculated | CVE-2021-21317 MISC CONFIRM MISC |
uprism — uprism |
A vulnerability of uPrism.io CURIX (video conferencing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input (server domain) validation. An attacker could exploit this vulnerability through a crafted URL. | 2021-02-17 | not yet calculated | CVE-2020-7849 MISC |
vertigis — weboffice |
VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve “access to contents of the WebOffice application.” | 2021-02-17 | not yet calculated | CVE-2021-27374 MISC MISC |
visualware — myconnection_server |
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. | 2021-02-19 | not yet calculated | CVE-2021-27509 MISC |
voloko — twitter-stream |
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused). | 2021-02-19 | not yet calculated | CVE-2020-24392 MISC MISC |
voloko — twitter-stream |
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack. | 2021-02-19 | not yet calculated | CVE-2020-24393 MISC MISC |
webware — webdesktop |
SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server. | 2021-02-19 | not yet calculated | CVE-2021-3204 MISC |
wireshark — wireshark |
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file | 2021-02-17 | not yet calculated | CVE-2021-22174 CONFIRM MISC MISC |
wireshark — wireshark |
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file | 2021-02-17 | not yet calculated | CVE-2021-22173 CONFIRM MISC MISC |
xen — xen |
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565. | 2021-02-18 | not yet calculated | CVE-2021-27379 MISC |
yeastar — neogate_devices | Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key. | 2021-02-19 | not yet calculated | CVE-2021-27328 MISC MISC |
zoho — manageengine_adselfservice_plus |
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. | 2021-02-19 | not yet calculated | CVE-2021-27214 MISC MISC |