Vulnerability Summary for the Week of January 25, 2021CISA All NCAS Products

Original release date: February 1, 2021

High Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

async-git_project — async-git
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.
2021-01-26
7.5
CVE-2021-3190
MISC
MISC
MISC
CONFIRM

caret — caret
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.
2021-01-26
10
CVE-2020-20269
MISC
FULLDISC
MISC
MISC
MISC
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability.
2021-01-29
7.2
CVE-2021-25129
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice startflash_func function.
2021-01-29
7.2
CVE-2021-25137
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsolvideoremotestorage_func function.
2021-01-29
7.2
CVE-2021-25136
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsmtp_func function.
2021-01-29
7.2
CVE-2021-25135
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setremoteimageinfo_func function.
2021-01-29
7.2
CVE-2021-25134
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setradiusconfig_func function.
2021-01-29
7.2
CVE-2021-25133
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setmediaconfig_func function.
2021-01-29
7.2
CVE-2021-25132
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setfwimagelocation_func function.
2021-01-29
7.2
CVE-2021-25131
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setactdir_func function.
2021-01-29
7.2
CVE-2021-25130
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice gethelpdata_func function path traversal vulnerability.
2021-01-29
7.2
CVE-2021-25128
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice generatesslcertificate_func function.
2021-01-29
7.2
CVE-2021-25127
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function.
2021-01-29
7.2
CVE-2021-25126
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability.
2021-01-29
7.2
CVE-2021-25125
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.
2021-01-29
7.2
CVE-2021-25124
MISC

hpe — cloudline_cl3100_gen10_server_firmware
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice uploadsshkey function.
2021-01-29
7.2
CVE-2021-25138
MISC

ibm — security_guardium
IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028.
2021-01-27
9
CVE-2020-4952
XF
CONFIRM

mingsoft — mcms
An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.
2021-01-26
7.5
CVE-2020-23262
MISC

pepperl-fuchs — io-link_master_4-eip_firmware
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
2021-01-22
9
CVE-2020-12513
CONFIRM

pyres — termod4
Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.
2021-01-26
9
CVE-2020-23160
MISC
MISC

spotweb_project — spotweb
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
2021-01-26
7.5
CVE-2021-3286
MISC

Medium Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

apache — java_chassis
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
2021-01-25
6
CVE-2020-17532
CONFIRM
CONFIRM

apache — traffic_control
When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN arcitechture.
2021-01-26
5
CVE-2020-17522
MISC

deltaww — tpeditor
TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
2021-01-26
6.8
CVE-2020-27284
MISC

deltaww — tpeditor
An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
2021-01-26
6.8
CVE-2020-27288
MISC

dzzoffice — dzzoffice
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
2021-01-27
4.3
CVE-2021-3318
MISC

faststone — image_viewer
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4.
2021-01-26
6.8
CVE-2020-35844
MISC
MISC

faststone — image_viewer
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf.
2021-01-26
6.8
CVE-2020-35845
MISC
MISC

faststone — image_viewer
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e.
2021-01-26
4.3
CVE-2020-35843
MISC
MISC

feehi — feehi_cms
Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.
2021-01-26
4.3
CVE-2020-21146
MISC

feehi — feehi_cms
Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.
2021-01-26
6.5
CVE-2020-22643
MISC

fujielectric — v-server
Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
2021-01-27
6.8
CVE-2021-22653
MISC

fujielectric — v-server
Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
2021-01-27
6.8
CVE-2021-22655
MISC

fujielectric — v-server
A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
2021-01-27
6.8
CVE-2021-22641
MISC
MISC

fujielectric — v-server
An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
2021-01-27
6.8
CVE-2021-22639
MISC
MISC

fujielectric — v-server
Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
2021-01-27
6.8
CVE-2021-22637
MISC
MISC

google — android
In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android, Versions: Android-10, Android ID: A-79703353.
2021-01-26
5
CVE-2020-0236
CONFIRM

hyweb — hycms-j1
Hyweb HyCMS-J1’s API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.
2021-01-22
6.5
CVE-2021-22847
CONFIRM

ibm — cloud_pak_for_security
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.
2021-01-27
5
CVE-2020-4815
XF
CONFIRM

ibm — cloud_pak_for_security
IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369.
2021-01-27
5
CVE-2020-4628
XF
CONFIRM

ibm — cloud_pak_for_security
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703.
2021-01-27
4.3
CVE-2020-4816
XF
CONFIRM

ibm — cloud_pak_for_security
IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2021-01-27
4.3
CVE-2020-4820
XF
CONFIRM

ibm — cloud_pak_for_security
IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.
2021-01-27
4
CVE-2020-4967
XF
CONFIRM

ibm — mq_internet_pass-thru
IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.
2021-01-22
5
CVE-2020-4766
XF
CONFIRM

ibm — security_guardium
IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.
2021-01-27
4
CVE-2020-4189
XF
CONFIRM

ibm — websphere_application_server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.
2021-01-26
6.4
CVE-2020-4949
XF
CONFIRM

iris — star_practice_management
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature.
2021-01-29
4
CVE-2020-28406
MISC
MISC

iris — star_practice_management
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.
2021-01-29
4
CVE-2020-28404
MISC
MISC

iris — star_practice_management
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.
2021-01-29
4
CVE-2020-28401
MISC
MISC

iris — star_practice_management
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the application.
2021-01-29
6.5
CVE-2020-28405
MISC
MISC

iris — star_practice_management
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.
2021-01-29
6.5
CVE-2020-28402
MISC
MISC

iris — star_practice_management
A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application.
2021-01-29
6.8
CVE-2020-28403
MISC
MISC

jquery — jquery_ui
This affects all versions of package jquery-ui; all versions of package org.fujion.webjars:jquery-ui. When the “dialog” is injected into an HTML tag more than once, the browser and the application may crash.
2021-01-22
5
CVE-2020-28488
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

mantisbt — mantisbt
An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.)
2021-01-29
4
CVE-2020-29605
MISC
MISC

mantisbt — mantisbt
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information.
2021-01-29
4
CVE-2020-29604
MISC
MISC

mantisbt — mantisbt
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects’ names via the manage_proj_edit_page.php project_id parameter, without having access to them.
2021-01-29
4
CVE-2020-29603
MISC
MISC

misp — misp
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in “path” parameter, an attacker can execute malicious JavaScript code.
2021-01-26
4.3
CVE-2020-24085
MISC

newbee-mall_project — newbee-mall
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the “View Recipient Information” of this order in “Order Management Office”.
2021-01-26
4.3
CVE-2020-23447
MISC

nodered — node-red-dashboard
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
2021-01-26
5
CVE-2021-3223
MISC
CONFIRM

openldap — openldap
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
2021-01-26
5
CVE-2020-36228
MISC
MISC
MISC

openldap — openldap
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
2021-01-26
5
CVE-2020-36230
MISC
MISC
MISC

openldap — openldap
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
2021-01-26
5
CVE-2020-36226
MISC
MISC
MISC
MISC
MISC
MISC

openldap — openldap
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
2021-01-26
5
CVE-2020-36221
MISC
MISC
MISC
MISC
MISC

openldap — openldap
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
2021-01-26
5
CVE-2020-36222
MISC
MISC
MISC
MISC
MISC
MISC

openldap — openldap
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
2021-01-26
5
CVE-2020-36223
MISC
MISC
MISC

openldap — openldap
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
2021-01-26
5
CVE-2020-36224
MISC
MISC
MISC
MISC
MISC
MISC

openldap — openldap
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
2021-01-26
5
CVE-2020-36225
MISC
MISC
MISC
MISC
MISC
MISC

openldap — openldap
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
2021-01-26
5
CVE-2020-36229
MISC
MISC
MISC

openldap — openldap
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
2021-01-26
5
CVE-2020-36227
MISC
MISC
MISC

panasonic — fpwin_pro
FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.
2021-01-26
6.8
CVE-2020-16236
MISC

pepperl-fuchs — io-link_master_4-eip_firmware
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
2021-01-22
4
CVE-2020-12514
CONFIRM

pepperl-fuchs — io-link_master_4-eip_firmware
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
2021-01-22
6.8
CVE-2020-12511
CONFIRM

phpgurukul — daily_expense_tracker_system
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.
2021-01-29
4.3
CVE-2021-26303
MISC

phpgurukul_daily_expense_tracker_system_project — phpgurukul_daily_expense_tracker_system
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.
2021-01-29
4.3
CVE-2021-26304
MISC

report_project — report
The MediaWiki “Report” extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
2021-01-25
4.3
CVE-2021-21275
MISC
CONFIRM

revive-adserver — revive_adserver
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.
2021-01-28
4.3
CVE-2021-22875
MISC
MISC
MISC

revive-adserver — revive_adserver
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
2021-01-28
4.3
CVE-2021-22874
MISC
MISC
MISC

Low Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

apfell_project — apfell
APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel.
2021-01-26
3.5
CVE-2020-23014
MISC
MISC

bdtask — multi-store
Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.
2021-01-27
3.5
CVE-2020-36012
MISC
MISC
MISC

bigprof — online_invoicing_system
Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf token and sends a request to change password. It has been found that Item description is reflected without sanitization in app/items_view.php which enables the malicious scenario.
2021-01-22
3.5
CVE-2021-21260
MISC
CONFIRM

compo — composr_cms
Composr CMS 10.0.34 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via Add Banners in the Description field.
2021-01-26
3.5
CVE-2020-35310
MISC

hyweb — hycms-j1
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.
2021-01-22
3.5
CVE-2021-22849
CONFIRM

ibm — collaborative_lifecycle_management
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.
2021-01-27
3.5
CVE-2020-4524
XF
CONFIRM

ibm — collaborative_lifecycle_management
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.
2021-01-27
3.5
CVE-2020-4547
XF
CONFIRM

ibm — spectrum_scale
IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.
2021-01-26
2.1
CVE-2020-4889
XF
CONFIRM

o-dyn — collabtive
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.
2021-01-29
3.5
CVE-2021-3298
MISC
MISC

openwrt — openwrt
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
2021-01-26
3.5
CVE-2019-25015
MISC
MISC

pepperl-fuchs — io-link_master_4-eip_firmware
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
2021-01-22
3.5
CVE-2020-12512
CONFIRM

rockoa — rockoa
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.
2021-01-26
3.5
CVE-2020-21147
MISC
MISC

Severity Not Yet Assigned

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

rocket.chat — rocket.chat
Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.
2021-01-26
not yet calculated
CVE-2020-8292
MISC
MISC

4images — image_gallary_management_system

4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inject the XSS payload into the IMAGE URL. Each time a user visits that URL, the XSS triggers and the attacker can be able to steal the cookie according to the crafted payload.
2021-01-26
not yet calculated
CVE-2020-35853
MISC

abi_stable — abi_stable

An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop.
2021-01-26
not yet calculated
CVE-2020-36212
MISC

abi_stable — abi_stable

An issue was discovered in the abi_stable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness.
2021-01-26
not yet calculated
CVE-2020-36213
MISC

accfly — wireless_security_ir_camera_720p

An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.
2021-01-28
not yet calculated
CVE-2020-25783
MISC

accfly — wireless_security_ir_camera_720p

An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure.
2021-01-28
not yet calculated
CVE-2020-25785
MISC

accfly — wireless_security_ir_camera_720p

An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.
2021-01-28
not yet calculated
CVE-2020-25782
MISC

accfly — wireless_security_ir_camera_720p

An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.
2021-01-28
not yet calculated
CVE-2020-25784
MISC

acdsee — professional_2021

PlugInsIDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image.
2021-01-26
not yet calculated
CVE-2021-26026
MISC

acdsee — professional_2021

PlugInsIDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image.
2021-01-26
not yet calculated
CVE-2021-26025
MISC

acronis_true_image — acronis_true_image

Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.
2021-01-29
not yet calculated
CVE-2020-35145
MISC
CONFIRM

aovec — aovec

An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.
2021-01-26
not yet calculated
CVE-2020-36207
MISC

apache — activemq_artemis
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.
2021-01-27
not yet calculated
CVE-2021-26117
MLIST
MLIST
MISC

apache — activemq_artemis

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.
2021-01-27
not yet calculated
CVE-2021-26118
MLIST
MISC

apache — druid

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
2021-01-29
not yet calculated
CVE-2021-25646
MLIST
MLIST
MLIST
MLIST
MISC

apache — hadoop

In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
2021-01-26
not yet calculated
CVE-2020-9492
MISC
MLIST

archer — archer
Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks.
2021-01-29
not yet calculated
CVE-2020-29536
CONFIRM
MISC

archer — archer
Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.
2021-01-29
not yet calculated
CVE-2020-29537
CONFIRM
MISC

archer — archer
Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks.
2021-01-29
not yet calculated
CVE-2020-29538
CONFIRM
MISC

archer — archer

Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
2021-01-29
not yet calculated
CVE-2020-29535
CONFIRM
MISC

assuweb — assuweb

Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.
2021-01-28
not yet calculated
CVE-2021-3160
MISC
MISC

async-h1 — async-h1

An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.
2021-01-26
not yet calculated
CVE-2020-36202
MISC

aterm — wf800hp_firmware

Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
2021-01-28
not yet calculated
CVE-2021-20620
MISC
MISC
MISC

aterm — wg2600hp_firmware

Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
2021-01-28
not yet calculated
CVE-2021-20621
MISC
MISC
MISC

aterm — wg2600hp_firmware

Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
2021-01-28
not yet calculated
CVE-2021-20622
MISC
MISC
MISC

atlassian — bamboo

Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.
2021-01-28
not yet calculated
CVE-2021-26067
MISC

atomic-option — atomic-option

An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption<T> implements Sync unconditionally, a data race can occur.
2021-01-26
not yet calculated
CVE-2020-36219
MISC

autoand — autoand

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.
2021-01-26
not yet calculated
CVE-2020-36210
MISC

av-data — av-data

An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.
2021-01-26
not yet calculated
CVE-2021-25904
MISC

bakeshop — online_ordering_system

Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard – “Categories”.
2021-01-26
not yet calculated
CVE-2020-35309
MISC

basic_dsp_matrix — basic_dsp_matrix

An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.
2021-01-26
not yet calculated
CVE-2021-25906
MISC

bitcoin — core

bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call.
2021-01-26
not yet calculated
CVE-2021-3195
MISC

bosch — fsm-2500_server_and_fsm-5000_server

Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system.
2021-01-26
not yet calculated
CVE-2020-6779
MISC

bosch — fsm-2500_server_and_fsm-5000_server

Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.
2021-01-26
not yet calculated
CVE-2020-6780
MISC

bra — bra

An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.
2021-01-26
not yet calculated
CVE-2021-25905
MISC

buttplug — buttplug

An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider (!Send|!Sync) objects, leading to a data race.
2021-01-26
not yet calculated
CVE-2020-36218
MISC

cache — cache

An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.
2021-01-26
not yet calculated
CVE-2021-25903
MISC

cakephp — cakephp

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, the route middleware does not verify that this overriden method (which can be an arbitrary string) is actually an HTTP method.
2021-01-26
not yet calculated
CVE-2020-35239
MISC

cdr-rs — cdr-rs

An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.
2021-01-29
not yet calculated
CVE-2021-26305
MISC

churchrota — churchrota

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.
2021-01-26
not yet calculated
CVE-2021-3164
MISC
MISC

ckeditor — ckeditor
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
2021-01-26
not yet calculated
CVE-2021-26271
MISC

ckeditor — ckeditor

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
2021-01-26
not yet calculated
CVE-2021-26272
MISC

ckeditor — ckeditor

CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.
2021-01-29
not yet calculated
CVE-2021-21254
MISC
CONFIRM
MISC

codiad — codiad

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.
2021-01-27
not yet calculated
CVE-2020-23355
MISC

conquer-once — conquer-once

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption.
2021-01-26
not yet calculated
CVE-2020-36208
MISC

containers — containers

An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.
2021-01-26
not yet calculated
CVE-2021-25907
MISC

cpanel — cpanel

cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
2021-01-26
not yet calculated
CVE-2021-26266
MISC

cpanel — cpanel

cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
2021-01-26
not yet calculated
CVE-2021-26267
MISC

d-link — dir_825_r1_devices

An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.
2021-01-29
not yet calculated
CVE-2020-29557
MISC
MISC

delta_electronics — ispsoft

A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.
2021-01-26
not yet calculated
CVE-2020-27280
MISC

dh2i — dxenterprise_and_dxodyssey

A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.
2021-01-29
not yet calculated
CVE-2021-3341
MISC

duncaen — opendoas

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.
2021-01-28
not yet calculated
CVE-2019-25016
MISC
MISC
MISC
MISC

ecostruxure — operator_terminal_expert_and_pro-face_blue

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
2021-01-26
not yet calculated
CVE-2020-28221
MISC

ecostruxure — power_build
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build – Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.
2021-01-26
not yet calculated
CVE-2021-22698
MISC

ecostruxure — power_build

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build – Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.
2021-01-26
not yet calculated
CVE-2021-22697
MISC

egavilan — media_crud_operation

Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the ‘Add New Record Feature’.
2021-01-28
not yet calculated
CVE-2020-36115
MISC

egavilanmedia — user_registration_and_login_system

EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.
2021-01-26
not yet calculated
CVE-2020-35263
MISC

electron — electron

The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.
2021-01-28
not yet calculated
CVE-2020-26272
MISC
MISC
MISC
CONFIRM
MISC

eset — multiple_products

A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower.
2021-01-26
not yet calculated
CVE-2020-26941
MISC

eventio — eventio

An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.
2021-01-26
not yet calculated
CVE-2020-36216
MISC

fil-ocl — fil-ocl

An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free.
2021-01-26
not yet calculated
CVE-2021-25908
MISC

flarum — flarum

Flarum is an open source discussion platform for websites. The “Flarum Sticky” extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through the m.trust() helper. This resulted in an HTML injection where <script> tags would not be executed. However it was possible to run javascript from other HTML attributes, enabling a cross-site scripting (XSS) attack to be performed. Since the exploit only happens with the first post of a pinned discussion, an attacker would need the ability to pin their own discussion, or be able to edit a discussion that was previously pinned. On forums where all pinned posts are authored by your staff, you can be relatively certain the vulnerability has not been exploited. Forums where some user-created discussions were pinned can look at the first post edit date to find whether the vulnerability might have been exploited. Because Flarum doesn’t store the post content history, you cannot be certain if a malicious edit was reverted. The fix will be available in version v0.1.0-beta.16 with Flarum beta 16. The fix has already been back-ported to Flarum beta 15 as version v0.1.0-beta.15.1 of the Sticky extension. Forum administrators can disable the Sticky extension until they are able to apply the update. The vulnerability cannot be exploited while the extension is disabled.
2021-01-26
not yet calculated
CVE-2021-21283
MISC
MISC
MISC
CONFIRM

foris — foris

Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.
2021-01-29
not yet calculated
CVE-2021-3346
MISC
MISC
MISC

ftpd — ftpd

The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.
2021-01-26
not yet calculated
CVE-2013-2512
MISC

geeni — gnc-cw013

An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password.
2021-01-26
not yet calculated
CVE-2020-28998
MISC
MISC

geeni — gnc-cw013

An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library (libhipcam.so) used to provide the streaming camera service.
2021-01-26
not yet calculated
CVE-2020-28999
MISC
MISC

geeni — gnc-cw013

An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system.
2021-01-26
not yet calculated
CVE-2020-29000
MISC
MISC

geeni — mulitple_products

An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application.
2021-01-26
not yet calculated
CVE-2020-29001
MISC
MISC

gfwx — gfwx

An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.
2021-01-26
not yet calculated
CVE-2020-36211
MISC

glsl-layout — glsl-layout

An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.
2021-01-26
not yet calculated
CVE-2021-25902
MISC

gnu — c_library

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
2021-01-27
not yet calculated
CVE-2021-3326
MLIST
MISC
MISC

go — go
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
2021-01-26
not yet calculated
CVE-2021-3115
CONFIRM
CONFIRM

go — go

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
2021-01-26
not yet calculated
CVE-2021-3114
CONFIRM
CONFIRM

godaddy — godaddy

** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.
2021-01-27
not yet calculated
CVE-2021-26276
MISC

google — android

In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible way to access contacts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-138791358
2021-01-26
not yet calculated
CVE-2020-27098
MISC

google — android

In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729426
2021-01-26
not yet calculated
CVE-2020-27097
MISC

gstreamer — h264

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.
2021-01-26
not yet calculated
CVE-2021-3185
MISC

hackolade — hackolade

An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges during an uninstall of the application.
2021-01-26
not yet calculated
CVE-2020-25737
MISC

hashconsing — hashconsing

An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.
2021-01-26
not yet calculated
CVE-2020-36215
MISC

hedgedoc — hedgedoc

HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.2. ### Workarounds Disallow loading JavaScript from 3rd party sites using the `Content-Security-Policy` header. Note that this will break some embedded content. ### References This issue was discovered by @TobiasHoll and reported to hackmdio/codimd: https://github.com/hackmdio/codimd/issues/1648 ### For more information If you have any questions or comments about this advisory: * Open an topic on our community forum * Join our matrix room
2021-01-22
not yet calculated
CVE-2021-21259
MISC
MISC
CONFIRM

hewlett_packard — multiple_products

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice addlicense_func function.
2021-01-29
not yet calculated
CVE-2021-25123
MISC

hitachi — vantara_pentaho
The New Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Analysis Report Description’ field in ‘About this Report’ section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.
2021-01-29
not yet calculated
CVE-2020-24669
MISC
MISC

hitachi — vantara_pentaho
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘type’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.
2021-01-29
not yet calculated
CVE-2020-24670
MISC
MISC

hitachi — vantara_pentaho

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA
2021-01-29
not yet calculated
CVE-2020-24665
MISC
MISC

hitachi — vantara_pentaho

The Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Display Name’ parameter. Remediated in >= 9.1.0.1
2021-01-29
not yet calculated
CVE-2020-24666
MISC
MISC

hitachi — vantara_pentaho

The dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘pho:title’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.
2021-01-29
not yet calculated
CVE-2020-24664
MISC
MISC

home_assistant — home_assistant

** DISPUTED ** Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor’s perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation.
2021-01-26
not yet calculated
CVE-2021-3152
CONFIRM
MISC

htcondor — condor_credd

condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.
2021-01-27
not yet calculated
CVE-2021-25311
MISC

htcondor — htcondor
HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.
2021-01-27
not yet calculated
CVE-2021-25312
MISC

ibm — infosphere_information_server

** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2021-01-26
not yet calculated
CVE-2020-27583
MISC

ibm — mq

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
2021-01-28
not yet calculated
CVE-2020-4682
XF
CONFIRM

ibm — qradar_siem
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.
2021-01-28
not yet calculated
CVE-2020-4888
XF
CONFIRM

ibm — qradar_siem

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.
2021-01-27
not yet calculated
CVE-2020-4787
XF
CONFIRM

ibm — qradar_siem

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302.
2021-01-27
not yet calculated
CVE-2020-4789
XF
CONFIRM

ibm — qradar_siem

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.
2021-01-27
not yet calculated
CVE-2020-4786
XF
CONFIRM

ide_atapi_cmd_reply_end — ide_atapi_cmd_reply_end

ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
2021-01-26
not yet calculated
CVE-2020-29443
MISC
MISC

im — im

An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.
2021-01-26
not yet calculated
CVE-2020-36204
MISC

iniparserjs — iniparserjs

This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
2021-01-29
not yet calculated
CVE-2021-23328
MISC
MISC

istio_pilot — istio_pilot

A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).
2021-01-29
not yet calculated
CVE-2019-25014
MISC
MISC

jenkins — jenkins

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
2021-01-26
not yet calculated
CVE-2021-21615
MLIST
CONFIRM

jp2_ decode — jp2_decode

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
2021-01-27
not yet calculated
CVE-2021-3272
MISC

jxbrowser — ti_code_composer_studio_ide

jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.
2021-01-26
not yet calculated
CVE-2021-3285
MISC

klog — klog_server

KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
2021-01-26
not yet calculated
CVE-2021-3317
MISC

late-static — late-static

An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.
2021-01-26
not yet calculated
CVE-2020-36209
MISC

lazy-init — lazy-init

An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.
2021-01-26
not yet calculated
CVE-2021-25901
MISC

libgcrypt — libgcrypt

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 has a heap-based buffer overflow when the digest final function sets a large count value.
2021-01-29
not yet calculated
CVE-2021-3345
MISC
MISC
MISC
MISC
MISC

linux — linux_kernel

A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service.
2021-01-26
not yet calculated
CVE-2020-35513
MISC
MISC

linux — linux_kernel

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
2021-01-29
not yet calculated
CVE-2021-3347
MLIST
MLIST
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC

local_service — search_engine_management

Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page.
2021-01-26
not yet calculated
CVE-2021-3278
MISC
MISC

logstorage — logstorage

Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.
2021-01-28
not yet calculated
CVE-2020-5626
MISC
MISC

m&m_software — fdtcontainer_component

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
2021-01-22
not yet calculated
CVE-2020-12525
CONFIRM
MISC

madcodehook — madcodehook

A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.
2021-01-30
not yet calculated
CVE-2020-14418
MISC
MISC

marc_crate — marc_crate

An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.
2021-01-29
not yet calculated
CVE-2021-26308
MISC

matrikon — opc_ua_tunneller

The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
2021-01-26
not yet calculated
CVE-2020-27297
MISC

matrikon — opc_ua_tunneller

The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).
2021-01-26
not yet calculated
CVE-2020-27299
MISC

matrikon — opc_ua_tunneller

The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
2021-01-26
not yet calculated
CVE-2020-27295
MISC

matrikon — opc_ua_tunneller

Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
2021-01-26
not yet calculated
CVE-2020-27274
MISC

mautic — mautic

A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
2021-01-28
not yet calculated
CVE-2020-35124
MISC
MISC
MISC
MISC

may_queue — may_queue

An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur.
2021-01-26
not yet calculated
CVE-2020-36217
MISC

mediawiki — mediawiki

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
2021-01-29
not yet calculated
CVE-2020-29004
MISC
CONFIRM
MISC

mediawiki — mediawiki

The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
2021-01-29
not yet calculated
CVE-2020-29005
MISC
MISC

melfa — fr_series_controllers

Resource management errors vulnerability in a robot controller of MELFA FR Series(controller “CR800-*V*D” of RV-*FR***-D-* all versions, controller “CR800-*HD” of RH-*FRH***-D-* all versions, controller “CR800-*HRD” of RH-*FRHR***-D-* all versions, controller “CR800-*V*R with R16RTCPU” of RV-*FR***-R-* all versions, controller “CR800-*HR with R16RTCPU” of RH-*FRH***-R-* all versions, controller “CR800-*HRR with R16RTCPU” of RH-*FRHR***-R-* all versions, controller “CR800-*V*Q with Q172DSRCPU” of RV-*FR***-Q-* all versions, controller “CR800-*HQ with Q172DSRCPU” of RH-*FRH***-Q-* all versions, controller “CR800-*HRQ with Q172DSRCPU” of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller “CR800-CVD” of RV-8CRL-D-* all versions, controller “CR800-CHD” of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller “CR800-05VD” of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.
2021-01-29
not yet calculated
CVE-2021-20586
MISC

micrium — uchttp

A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
2021-01-26
not yet calculated
CVE-2020-13582
MISC

microsoft — windows

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.
2021-01-26
not yet calculated
CVE-2021-22159
MISC
MISC

mitel — businesscti_enterprise_client_for_windows

The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data.
2021-01-29
not yet calculated
CVE-2021-3176
MISC
CONFIRM

mitel — micollab

A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.
2021-01-29
not yet calculated
CVE-2020-35547
MISC
CONFIRM

monitorix — monitorix

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.
2021-01-27
not yet calculated
CVE-2021-3325
MISC
MISC
MISC
CONFIRM

moodle — moodle
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.
2021-01-28
not yet calculated
CVE-2021-20184
MISC

moodle — moodle
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
2021-01-28
not yet calculated
CVE-2021-20187
MISC

moodle — moodle

It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.
2021-01-28
not yet calculated
CVE-2021-20183
MISC

moodle — moodle

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.
2021-01-28
not yet calculated
CVE-2021-20185
MISC

moodle — moodle

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.
2021-01-28
not yet calculated
CVE-2021-20186
MISC

multiqueue2 — multiqueue2

An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur.
2021-01-26
not yet calculated
CVE-2020-36214
MISC

mybb — mybb

The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.
2021-01-28
not yet calculated
CVE-2021-3337
MISC
MISC

nagios — docker_config_wizard

Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
2021-01-26
not yet calculated
CVE-2021-3193
MISC

newbee-mall — newbee-mall

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.
2021-01-26
not yet calculated
CVE-2020-23449
MISC

newbee-mall — newbee-mall

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system’s background /admin is in code AdminLoginInterceptor, which can be bypassed.
2021-01-26
not yet calculated
CVE-2020-23448
MISC

nextcloud — nextcloud_server

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.
2021-01-26
not yet calculated
CVE-2020-8293
MISC
MISC

nextcloud — nextcloud_server

A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.
2021-01-26
not yet calculated
CVE-2020-8295
MISC
MISC

nibbleblog — nibbleblog

dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
2021-01-27
not yet calculated
CVE-2020-23356
MISC

nim — nim

In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
2021-01-30
not yet calculated
CVE-2020-15690
MISC
CONFIRM

node-red-contrib-huemagic — node-red-contrib-huemagic

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
2021-01-26
not yet calculated
CVE-2021-25864
MISC

nutch — dmozparser

An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
2021-01-25
not yet calculated
CVE-2021-23901
CONFIRM
CONFIRM
MLIST
MLIST

nvidia — multiple_products

NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.
2021-01-26
not yet calculated
CVE-2021-1071
CONFIRM

nvidia — multiple_products

NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.
2021-01-26
not yet calculated
CVE-2021-1070
CONFIRM

octopusdsc — octopusdsc

OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.
2021-01-22
not yet calculated
CVE-2021-21270
MISC
MISC
MISC
CONFIRM

oncommand — unified_manager_core_package

OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).
2021-01-28
not yet calculated
CVE-2020-8585
MISC
CONFIRM

online_news_portal — online_news_portal

Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the “Title” parameter.
2021-01-26
not yet calculated
CVE-2020-29241
MISC

onlyoffice — document_server

Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.
2021-01-26
not yet calculated
CVE-2021-3199
MISC
CONFIRM

open5gs — open5gs

Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
2021-01-26
not yet calculated
CVE-2021-25863
MISC

openemr — openemr

A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.
2021-01-28
not yet calculated
CVE-2020-13569
MISC

openjpeg2 — openjpeg2

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
2021-01-26
not yet calculated
CVE-2020-27814
MISC
MISC
GENTOO

openmaint — openmaint

openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server.
2021-01-26
not yet calculated
CVE-2020-24549
MISC
MISC

opensolution — quick

OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.
2021-01-28
not yet calculated
CVE-2020-35754
MISC
MISC
CONFIRM
MISC

oras — oras

ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a “zip-slip” vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`. Users of the affected versions are impacted if they are `oras` CLI users who runs `oras pull`, or if they are Go programs, which invoke `github.com/deislabs/oras/pkg/content.FileStore`. The problem has been fixed in version 0.9.0. For `oras` CLI users, there is no workarounds other than pulling from a trusted artifact provider. For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider.
2021-01-25
not yet calculated
CVE-2021-21272
MISC
MISC
CONFIRM
MISC

oscommerce — oscommerce

oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php
2021-01-27
not yet calculated
CVE-2020-23360
MISC

persis — human_resouce_management_portal

The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the “Recommend job posting” function is enabled, allows XSS via the SENDER parameter.
2021-01-26
not yet calculated
CVE-2020-35753
MISC

philips — interventional_workspot

Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.
2021-01-26
not yet calculated
CVE-2020-27298
MISC

phplist — phplist

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
2021-01-26
not yet calculated
CVE-2021-3188
MISC

phplist — phplist

phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
2021-01-27
not yet calculated
CVE-2020-23361
MISC

projectsend — projectsend

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
2021-01-26
not yet calculated
CVE-2020-28874
MISC
CONFIRM
MISC
CONFIRM
MISC

pyrescom — termod4_time_management_devices

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.
2021-01-26
not yet calculated
CVE-2020-23161
MISC
MISC

pyrescom — termod4_time_management_devices

Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.
2021-01-26
not yet calculated
CVE-2020-23162
MISC
MISC

qdocs — smart_hospital_management_system

A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.
2021-01-26
not yet calculated
CVE-2020-36011
MISC
MISC

qemu — qemu

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
2021-01-28
not yet calculated
CVE-2020-35517
MISC
MISC
MISC
MISC

qemu — sdhci_devices

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.
2021-01-30
not yet calculated
CVE-2020-17380
CONFIRM
CONFIRM

raw-cpuid_crate — raw-cpuid_crate

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.
2021-01-29
not yet calculated
CVE-2021-26306
MISC

raw-cpuid_crate — raw-cpuid_crate

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.
2021-01-29
not yet calculated
CVE-2021-26307
MISC

redhat — keycloak

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.
2021-01-28
not yet calculated
CVE-2020-1725
MISC
MISC

redhat — keycloak

The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Aplication Platform 4 are believed to be vulnerable.
2021-01-28
not yet calculated
CVE-2020-1723
MISC

reffers — reffers

An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.
2021-01-26
not yet calculated
CVE-2020-36203
MISC

revive — adserver

Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
2021-01-26
not yet calculated
CVE-2021-22871
MISC
FULLDISC
MISC
MISC
MISC
MISC

revive — adserver

Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
2021-01-26
not yet calculated
CVE-2021-22872
MISC
FULLDISC
MISC
MISC
MISC
MISC

revive — adserver

Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.
2021-01-26
not yet calculated
CVE-2021-22873
MISC
FULLDISC
MISC
MISC
MISC

riolink — p2p_products

The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.
2021-01-26
not yet calculated
CVE-2020-25169
MISC

riolink — p2p_products

An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access
2021-01-26
not yet calculated
CVE-2020-25173
MISC

rocket.chat — rocket.chat

The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.
2021-01-26
not yet calculated
CVE-2020-8288
MISC
MISC
MISC

rostelecom — cs-c2shw
Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and started again later.
2021-01-26
not yet calculated
CVE-2020-27541
MISC

rostelecom — cs-c2shw

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code (including network settings). The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command (without any escaping). So bash injection is possible. Camera doesn’t parse QR codes if it’s already successfully configured. Camera is always rebooted after successful configuration via QR code.
2021-01-26
not yet calculated
CVE-2020-27542
MISC

rostelecom — cs-c2shw

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vcversion.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card.
2021-01-26
not yet calculated
CVE-2020-27540
MISC

rostelecom — cs-c2shw

Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerable code is unreachable and one more bug required to reach it.
2021-01-26
not yet calculated
CVE-2020-27539
MISC

rsshub — rsshub
RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues The fix in version 7f1c430 is to temporarily remove the problematic route and added a `no-new-func` rule to eslint.
2021-01-26
not yet calculated
CVE-2021-21278
MISC
CONFIRM
MISC

rusb — rusb

An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur.
2021-01-26
not yet calculated
CVE-2020-36206
MISC

sagemcom — f@st_3686_v2_3.495_devices

Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.
2021-01-26
not yet calculated
CVE-2021-3304
MISC

sangoma — asterisk

An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.
2021-01-29
not yet calculated
CVE-2020-35652
CONFIRM
CONFIRM
MISC
MISC

smallvec — smallvec

An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
2021-01-26
not yet calculated
CVE-2021-25900
MISC

smartagent — smartagent

SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.
2021-01-26
not yet calculated
CVE-2021-3165
MISC
MISC
MISC

spring_cloud — data_flow

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
2021-01-27
not yet calculated
CVE-2020-5427
CONFIRM

spring_cloud — task

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
2021-01-27
not yet calculated
CVE-2020-5428
CONFIRM

student_result_management_system — student_result_management_system

Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can able to access of Admin Panel and manage every account of Result.
2021-01-26
not yet calculated
CVE-2020-35270
MISC
MISC

sudo — sudo

Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character.
2021-01-26
not yet calculated
CVE-2021-3156
MISC
MLIST
MLIST
MLIST
FEDORA
FEDORA
GENTOO
CONFIRM
CONFIRM
CISCO
DEBIAN
MISC
CONFIRM

tenda — ac5_ac1200

A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.
2021-01-26
not yet calculated
CVE-2021-3186
MISC
MISC

tendermint — tendermint_core

Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine – written in any programming language – and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies on the timestamp of the last commit from this specific block.) In Tendermint Core v0.34.0-v0.34.2, the consensus reactor is responsible for forming DuplicateVoteEvidence whenever double signs are observed. However, the current block is still “in flight” when it is being formed by the consensus reactor. It hasn’t been finalized through network consensus yet. This means that different nodes in the network may observe different “last commits” when assigning a timestamp to DuplicateVoteEvidence. In turn, different nodes could form DuplicateVoteEvidence objects at the same height but with different timestamps. One DuplicateVoteEvidence object (with one timestamp) will then eventually get finalized in the block, but this means that any DuplicateVoteEvidence with a different timestamp is considered invalid. Any node that formed invalid DuplicateVoteEvidence will continue to propose invalid evidence; its peers may see this, and choose to disconnect from this node. This bug means that double signs are DoS vectors in Tendermint Core v0.34.0-v0.34.2. Tendermint Core v0.34.3 is a security release which fixes this bug. As of v0.34.3, DuplicateVoteEvidence is no longer formed by the consensus reactor; rather, the consensus reactor passes the Votes themselves into the EvidencePool, which is now responsible for forming DuplicateVoteEvidence. The EvidencePool has timestamp info that should be consistent across the network, which means that DuplicateVoteEvidence formed in this reactor should have consistent timestamps. This release changes the API between the consensus and evidence reactors.
2021-01-26
not yet calculated
CVE-2021-21271
MISC
MISC
CONFIRM

terramaster — terramaster_tos

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
2021-01-30
not yet calculated
CVE-2020-15568
MISC
MISC

textpattern — textpattern

Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.
2021-01-26
not yet calculated
CVE-2020-35854
MISC
MISC
MISC

tibco — bpm_enterprise_and_bpm_enterprise_distribution

The Application Development Clients component of TIBCO Software Inc.’s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.
2021-01-26
not yet calculated
CVE-2021-23272
CONFIRM

tinycheck — tinycheck
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.
2021-01-26
not yet calculated
CVE-2020-36200
MISC

tinycheck — tinycheck

TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
2021-01-26
not yet calculated
CVE-2020-36199
MISC

tm_mobile_solutions — testes_de_codigo

Mobile application “Testes de Codigo” v11.3 and prior allows stored XSS by injecting a payload in the “feedback” message field causing it to be stored in the remote database and leading to its execution on client devices when loading the “feedback list”, either by accessing the website directly or using the mobile application.
2021-01-28
not yet calculated
CVE-2021-25647
MISC

tp-link — tl-wr841N_v13

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.
2021-01-26
not yet calculated
CVE-2020-35576
MISC
MISC

trendmicro — serverprotect

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2021-01-27
not yet calculated
CVE-2021-25225
N/A
N/A

trendmicro — serverprotect

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2021-01-27
not yet calculated
CVE-2021-25224
N/A
N/A

trendmicro — serverprotect

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2021-01-27
not yet calculated
CVE-2021-25226
N/A
N/A

trendmirco — housecall_for_home_networks

A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability.
2021-01-27
not yet calculated
CVE-2021-25247
N/A

va-ts — va-ts

An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur.
2021-01-26
not yet calculated
CVE-2020-36220
MISC

vis-timeline — vis-timeline

This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
2021-01-22
not yet calculated
CVE-2020-28487
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

webid — webid

WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.
2021-01-27
not yet calculated
CVE-2020-23359
MISC

wekan — wekan

packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,
2021-01-26
not yet calculated
CVE-2021-3309
MISC
MISC
MISC

wing_ftp — wing_ftp

An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user’s browser.
2021-01-26
not yet calculated
CVE-2020-27735
MISC
MISC

winmail — winmail

A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header ‘HOST’ value to cause the server to send the request.
2021-01-26
not yet calculated
CVE-2020-23776
MISC

winmail — winmail

A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.
2021-01-26
not yet calculated
CVE-2020-23774
MISC

winscp — winscp

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
2021-01-27
not yet calculated
CVE-2021-3331
MISC
MISC
MISC
MISC

wolfssl — tls13.c

DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).
2021-01-29
not yet calculated
CVE-2021-3336
MISC

xcb — xcb

An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.
2021-01-26
not yet calculated
CVE-2020-36205
MISC

xen — xen

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.
2021-01-26
not yet calculated
CVE-2021-3308
MLIST
MISC
FEDORA

xerox — workcentre_products

An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.
2021-01-26
not yet calculated
CVE-2020-36201
MISC

yale — wipc-303w_cameras

** DISPUTED ** The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176 .
2021-01-26
not yet calculated
CVE-2020-23826
MISC

z-blogphp — valyria

Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.
2021-01-27
not yet calculated
CVE-2020-23352
MISC

zen — cart

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
2021-01-26
not yet calculated
CVE-2021-3291
MISC

ziv_automation — 4cct-ea6-334126bf

Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.
2021-01-29
not yet calculated
CVE-2021-25910
CONFIRM

ziv_automation — 4cct-ea6-334126bf

ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919.
2021-01-29
not yet calculated
CVE-2021-25909
CONFIRM

zte — multiple_products

Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.
2021-01-26
not yet calculated
CVE-2021-21723
MISC

zyxel — nbg2105

On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
2021-01-26
not yet calculated
CVE-2021-3297
MISC
MISC
MISC

This product is provided subject to this Notification and this Privacy & Use policy.Original release date: February 1, 2021

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
async-git_project — async-git	The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.	2021-01-26	7.5	CVE-2021-3190 MISC MISC MISC CONFIRM
caret — caret	A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.	2021-01-26	10	CVE-2020-20269 MISC FULLDISC MISC MISC MISC MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability.	2021-01-29	7.2	CVE-2021-25129 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice startflash_func function.	2021-01-29	7.2	CVE-2021-25137 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsolvideoremotestorage_func function.	2021-01-29	7.2	CVE-2021-25136 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsmtp_func function.	2021-01-29	7.2	CVE-2021-25135 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setremoteimageinfo_func function.	2021-01-29	7.2	CVE-2021-25134 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setradiusconfig_func function.	2021-01-29	7.2	CVE-2021-25133 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setmediaconfig_func function.	2021-01-29	7.2	CVE-2021-25132 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setfwimagelocation_func function.	2021-01-29	7.2	CVE-2021-25131 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setactdir_func function.	2021-01-29	7.2	CVE-2021-25130 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice gethelpdata_func function path traversal vulnerability.	2021-01-29	7.2	CVE-2021-25128 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice generatesslcertificate_func function.	2021-01-29	7.2	CVE-2021-25127 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function.	2021-01-29	7.2	CVE-2021-25126 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability.	2021-01-29	7.2	CVE-2021-25125 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.	2021-01-29	7.2	CVE-2021-25124 MISC
hpe — cloudline_cl3100_gen10_server_firmware	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice uploadsshkey function.	2021-01-29	7.2	CVE-2021-25138 MISC
ibm — security_guardium	IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028.	2021-01-27	9	CVE-2020-4952 XF CONFIRM
mingsoft — mcms	An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.	2021-01-26	7.5	CVE-2020-23262 MISC
pepperl-fuchs — io-link_master_4-eip_firmware	Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.	2021-01-22	9	CVE-2020-12513 CONFIRM
pyres — termod4	Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.	2021-01-26	9	CVE-2020-23160 MISC MISC
spotweb_project — spotweb	SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.	2021-01-26	7.5	CVE-2021-3286 MISC

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
apache — java_chassis	When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5	2021-01-25	6	CVE-2020-17532 CONFIRM CONFIRM
apache — traffic_control	When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN arcitechture.	2021-01-26	5	CVE-2020-17522 MISC
deltaww — tpeditor	TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.	2021-01-26	6.8	CVE-2020-27284 MISC
deltaww — tpeditor	An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.	2021-01-26	6.8	CVE-2020-27288 MISC
dzzoffice — dzzoffice	attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.	2021-01-27	4.3	CVE-2021-3318 MISC
faststone — image_viewer	FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4.	2021-01-26	6.8	CVE-2020-35844 MISC MISC
faststone — image_viewer	FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf.	2021-01-26	6.8	CVE-2020-35845 MISC MISC
faststone — image_viewer	FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e.	2021-01-26	4.3	CVE-2020-35843 MISC MISC
feehi — feehi_cms	Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.	2021-01-26	4.3	CVE-2020-21146 MISC
feehi — feehi_cms	Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.	2021-01-26	6.5	CVE-2020-22643 MISC
fujielectric — v-server	Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).	2021-01-27	6.8	CVE-2021-22653 MISC
fujielectric — v-server	Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).	2021-01-27	6.8	CVE-2021-22655 MISC
fujielectric — v-server	A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).	2021-01-27	6.8	CVE-2021-22641 MISC MISC
fujielectric — v-server	An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).	2021-01-27	6.8	CVE-2021-22639 MISC MISC
fujielectric — v-server	Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).	2021-01-27	6.8	CVE-2021-22637 MISC MISC
google — android	In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android, Versions: Android-10, Android ID: A-79703353.	2021-01-26	5	CVE-2020-0236 CONFIRM
hyweb — hycms-j1	Hyweb HyCMS-J1’s API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.	2021-01-22	6.5	CVE-2021-22847 CONFIRM
ibm — cloud_pak_for_security	IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.	2021-01-27	5	CVE-2020-4815 XF CONFIRM
ibm — cloud_pak_for_security	IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369.	2021-01-27	5	CVE-2020-4628 XF CONFIRM
ibm — cloud_pak_for_security	IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703.	2021-01-27	4.3	CVE-2020-4816 XF CONFIRM
ibm — cloud_pak_for_security	IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.	2021-01-27	4.3	CVE-2020-4820 XF CONFIRM
ibm — cloud_pak_for_security	IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.	2021-01-27	4	CVE-2020-4967 XF CONFIRM
ibm — mq_internet_pass-thru	IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.	2021-01-22	5	CVE-2020-4766 XF CONFIRM
ibm — security_guardium	IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.	2021-01-27	4	CVE-2020-4189 XF CONFIRM
ibm — websphere_application_server	IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.	2021-01-26	6.4	CVE-2020-4949 XF CONFIRM
iris — star_practice_management	An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature.	2021-01-29	4	CVE-2020-28406 MISC MISC
iris — star_practice_management	An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.	2021-01-29	4	CVE-2020-28404 MISC MISC
iris — star_practice_management	An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.	2021-01-29	4	CVE-2020-28401 MISC MISC
iris — star_practice_management	An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the application.	2021-01-29	6.5	CVE-2020-28405 MISC MISC
iris — star_practice_management	An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.	2021-01-29	6.5	CVE-2020-28402 MISC MISC
iris — star_practice_management	A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application.	2021-01-29	6.8	CVE-2020-28403 MISC MISC
jquery — jquery_ui	This affects all versions of package jquery-ui; all versions of package org.fujion.webjars:jquery-ui. When the “dialog” is injected into an HTML tag more than once, the browser and the application may crash.	2021-01-22	5	CVE-2020-28488 MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
mantisbt — mantisbt	An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.)	2021-01-29	4	CVE-2020-29605 MISC MISC
mantisbt — mantisbt	An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information.	2021-01-29	4	CVE-2020-29604 MISC MISC
mantisbt — mantisbt	In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects’ names via the manage_proj_edit_page.php project_id parameter, without having access to them.	2021-01-29	4	CVE-2020-29603 MISC MISC
misp — misp	A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in “path” parameter, an attacker can execute malicious JavaScript code.	2021-01-26	4.3	CVE-2020-24085 MISC
newbee-mall_project — newbee-mall	newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the “View Recipient Information” of this order in “Order Management Office”.	2021-01-26	4.3	CVE-2020-23447 MISC
nodered — node-red-dashboard	Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.	2021-01-26	5	CVE-2021-3223 MISC CONFIRM
openldap — openldap	An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.	2021-01-26	5	CVE-2020-36228 MISC MISC MISC
openldap — openldap	A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.	2021-01-26	5	CVE-2020-36230 MISC MISC MISC
openldap — openldap	A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.	2021-01-26	5	CVE-2020-36226 MISC MISC MISC MISC MISC MISC
openldap — openldap	An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).	2021-01-26	5	CVE-2020-36221 MISC MISC MISC MISC MISC
openldap — openldap	A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.	2021-01-26	5	CVE-2020-36222 MISC MISC MISC MISC MISC MISC
openldap — openldap	A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).	2021-01-26	5	CVE-2020-36223 MISC MISC MISC
openldap — openldap	A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.	2021-01-26	5	CVE-2020-36224 MISC MISC MISC MISC MISC MISC
openldap — openldap	A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.	2021-01-26	5	CVE-2020-36225 MISC MISC MISC MISC MISC MISC
openldap — openldap	A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.	2021-01-26	5	CVE-2020-36229 MISC MISC MISC
openldap — openldap	A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.	2021-01-26	5	CVE-2020-36227 MISC MISC MISC
panasonic — fpwin_pro	FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.	2021-01-26	6.8	CVE-2020-16236 MISC
pepperl-fuchs — io-link_master_4-eip_firmware	Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd	2021-01-22	4	CVE-2020-12514 CONFIRM
pepperl-fuchs — io-link_master_4-eip_firmware	Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.	2021-01-22	6.8	CVE-2020-12511 CONFIRM
phpgurukul — daily_expense_tracker_system	PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.	2021-01-29	4.3	CVE-2021-26303 MISC
phpgurukul_daily_expense_tracker_system_project — phpgurukul_daily_expense_tracker_system	PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.	2021-01-29	4.3	CVE-2021-26304 MISC
report_project — report	The MediaWiki “Report” extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.	2021-01-25	4.3	CVE-2021-21275 MISC CONFIRM
revive-adserver — revive_adserver	Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.	2021-01-28	4.3	CVE-2021-22875 MISC MISC MISC
revive-adserver — revive_adserver	Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.	2021-01-28	4.3	CVE-2021-22874 MISC MISC MISC

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
apfell_project — apfell	APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel.	2021-01-26	3.5	CVE-2020-23014 MISC MISC
bdtask — multi-store	Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.	2021-01-27	3.5	CVE-2020-36012 MISC MISC MISC
bigprof — online_invoicing_system	Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf token and sends a request to change password. It has been found that Item description is reflected without sanitization in app/items_view.php which enables the malicious scenario.	2021-01-22	3.5	CVE-2021-21260 MISC CONFIRM
compo — composr_cms	Composr CMS 10.0.34 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via Add Banners in the Description field.	2021-01-26	3.5	CVE-2020-35310 MISC
hyweb — hycms-j1	Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.	2021-01-22	3.5	CVE-2021-22849 CONFIRM
ibm — collaborative_lifecycle_management	IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.	2021-01-27	3.5	CVE-2020-4524 XF CONFIRM
ibm — collaborative_lifecycle_management	IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.	2021-01-27	3.5	CVE-2020-4547 XF CONFIRM
ibm — collaborative_lifecycle_management	IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.	2021-01-27	3.5	CVE-2020-4855 XF CONFIRM
ibm — collaborative_lifecycle_management	IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.	2021-01-27	3.5	CVE-2020-4865 XF CONFIRM
ibm — collaborative_lifecycle_management	IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.	2021-01-27	3.5	CVE-2021-20357 XF CONFIRM
ibm — spectrum_scale	IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.	2021-01-26	2.1	CVE-2020-4889 XF CONFIRM
o-dyn — collabtive	Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.	2021-01-29	3.5	CVE-2021-3298 MISC MISC
openwrt — openwrt	LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.	2021-01-26	3.5	CVE-2019-25015 MISC MISC
pepperl-fuchs — io-link_master_4-eip_firmware	Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting	2021-01-22	3.5	CVE-2020-12512 CONFIRM
rockoa — rockoa	RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.	2021-01-26	3.5	CVE-2020-21147 MISC MISC

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
rocket.chat — rocket.chat	Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.	2021-01-26	not yet calculated	CVE-2020-8292 MISC MISC
4images — image_gallary_management_system	4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inject the XSS payload into the IMAGE URL. Each time a user visits that URL, the XSS triggers and the attacker can be able to steal the cookie according to the crafted payload.	2021-01-26	not yet calculated	CVE-2020-35853 MISC
abi_stable — abi_stable	An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop.	2021-01-26	not yet calculated	CVE-2020-36212 MISC
abi_stable — abi_stable	An issue was discovered in the abi_stable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness.	2021-01-26	not yet calculated	CVE-2020-36213 MISC
accfly — wireless_security_ir_camera_720p	An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.	2021-01-28	not yet calculated	CVE-2020-25783 MISC
accfly — wireless_security_ir_camera_720p	An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure.	2021-01-28	not yet calculated	CVE-2020-25785 MISC
accfly — wireless_security_ir_camera_720p	An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.	2021-01-28	not yet calculated	CVE-2020-25782 MISC
accfly — wireless_security_ir_camera_720p	An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.	2021-01-28	not yet calculated	CVE-2020-25784 MISC
acdsee — professional_2021	PlugInsIDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image.	2021-01-26	not yet calculated	CVE-2021-26026 MISC
acdsee — professional_2021	PlugInsIDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image.	2021-01-26	not yet calculated	CVE-2021-26025 MISC
acronis_true_image — acronis_true_image	Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.	2021-01-29	not yet calculated	CVE-2020-35145 MISC CONFIRM
aovec — aovec	An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.	2021-01-26	not yet calculated	CVE-2020-36207 MISC
apache — activemq_artemis	The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.	2021-01-27	not yet calculated	CVE-2021-26117 MLIST MLIST MISC
apache — activemq_artemis	While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.	2021-01-27	not yet calculated	CVE-2021-26118 MLIST MISC
apache — druid	Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.	2021-01-29	not yet calculated	CVE-2021-25646 MLIST MLIST MLIST MLIST MISC
apache — hadoop	In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.	2021-01-26	not yet calculated	CVE-2020-9492 MISC MLIST
archer — archer	Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks.	2021-01-29	not yet calculated	CVE-2020-29536 CONFIRM MISC
archer — archer	Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.	2021-01-29	not yet calculated	CVE-2020-29537 CONFIRM MISC
archer — archer	Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks.	2021-01-29	not yet calculated	CVE-2020-29538 CONFIRM MISC
archer — archer	Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.	2021-01-29	not yet calculated	CVE-2020-29535 CONFIRM MISC
assuweb — assuweb	Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.	2021-01-28	not yet calculated	CVE-2021-3160 MISC MISC
async-h1 — async-h1	An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.	2021-01-26	not yet calculated	CVE-2020-36202 MISC
aterm — wf800hp_firmware	Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.	2021-01-28	not yet calculated	CVE-2021-20620 MISC MISC MISC
aterm — wg2600hp_firmware	Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.	2021-01-28	not yet calculated	CVE-2021-20621 MISC MISC MISC
aterm — wg2600hp_firmware	Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.	2021-01-28	not yet calculated	CVE-2021-20622 MISC MISC MISC
atlassian — bamboo	Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.	2021-01-28	not yet calculated	CVE-2021-26067 MISC
atomic-option — atomic-option	An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption<T> implements Sync unconditionally, a data race can occur.	2021-01-26	not yet calculated	CVE-2020-36219 MISC
autoand — autoand	An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.	2021-01-26	not yet calculated	CVE-2020-36210 MISC
av-data — av-data	An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.	2021-01-26	not yet calculated	CVE-2021-25904 MISC
bakeshop — online_ordering_system	Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard – “Categories”.	2021-01-26	not yet calculated	CVE-2020-35309 MISC
basic_dsp_matrix — basic_dsp_matrix	An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.	2021-01-26	not yet calculated	CVE-2021-25906 MISC
bitcoin — core	bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call.	2021-01-26	not yet calculated	CVE-2021-3195 MISC
bosch — fsm-2500_server_and_fsm-5000_server	Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system.	2021-01-26	not yet calculated	CVE-2020-6779 MISC
bosch — fsm-2500_server_and_fsm-5000_server	Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.	2021-01-26	not yet calculated	CVE-2020-6780 MISC
bra — bra	An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.	2021-01-26	not yet calculated	CVE-2021-25905 MISC
buttplug — buttplug	An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider (!Send\|!Sync) objects, leading to a data race.	2021-01-26	not yet calculated	CVE-2020-36218 MISC
cache — cache	An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.	2021-01-26	not yet calculated	CVE-2021-25903 MISC
cakephp — cakephp	A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, the route middleware does not verify that this overriden method (which can be an arbitrary string) is actually an HTTP method.	2021-01-26	not yet calculated	CVE-2020-35239 MISC
cdr-rs — cdr-rs	An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.	2021-01-29	not yet calculated	CVE-2021-26305 MISC
churchrota — churchrota	ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.	2021-01-26	not yet calculated	CVE-2021-3164 MISC MISC
ckeditor — ckeditor	It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).	2021-01-26	not yet calculated	CVE-2021-26271 MISC
ckeditor — ckeditor	It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).	2021-01-26	not yet calculated	CVE-2021-26272 MISC
ckeditor — ckeditor	CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.	2021-01-29	not yet calculated	CVE-2021-21254 MISC CONFIRM MISC
codiad — codiad	PRODUCT NOT SUPPORTED WHEN ASSIGNED Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.	2021-01-27	not yet calculated	CVE-2020-23355 MISC
conquer-once — conquer-once	An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption.	2021-01-26	not yet calculated	CVE-2020-36208 MISC
containers — containers	An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.	2021-01-26	not yet calculated	CVE-2021-25907 MISC
cpanel — cpanel	cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).	2021-01-26	not yet calculated	CVE-2021-26266 MISC
cpanel — cpanel	cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).	2021-01-26	not yet calculated	CVE-2021-26267 MISC
d-link — dir_825_r1_devices	An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.	2021-01-29	not yet calculated	CVE-2020-29557 MISC MISC
delta_electronics — ispsoft	A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.	2021-01-26	not yet calculated	CVE-2020-27280 MISC
dh2i — dxenterprise_and_dxodyssey	A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.	2021-01-29	not yet calculated	CVE-2021-3341 MISC
duncaen — opendoas	In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.	2021-01-28	not yet calculated	CVE-2019-25016 MISC MISC MISC MISC
ecostruxure — operator_terminal_expert_and_pro-face_blue	A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.	2021-01-26	not yet calculated	CVE-2020-28221 MISC
ecostruxure — power_build	A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build – Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.	2021-01-26	not yet calculated	CVE-2021-22698 MISC
ecostruxure — power_build	A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build – Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.	2021-01-26	not yet calculated	CVE-2021-22697 MISC
egavilan — media_crud_operation	Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the ‘Add New Record Feature’.	2021-01-28	not yet calculated	CVE-2020-36115 MISC
egavilanmedia — user_registration_and_login_system	EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.	2021-01-26	not yet calculated	CVE-2020-35263 MISC
electron — electron	The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.	2021-01-28	not yet calculated	CVE-2020-26272 MISC MISC MISC CONFIRM MISC
eset — multiple_products	A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower.	2021-01-26	not yet calculated	CVE-2020-26941 MISC
eventio — eventio	An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.	2021-01-26	not yet calculated	CVE-2020-36216 MISC
fil-ocl — fil-ocl	An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free.	2021-01-26	not yet calculated	CVE-2021-25908 MISC
flarum — flarum	Flarum is an open source discussion platform for websites. The “Flarum Sticky” extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through the m.trust() helper. This resulted in an HTML injection where <script> tags would not be executed. However it was possible to run javascript from other HTML attributes, enabling a cross-site scripting (XSS) attack to be performed. Since the exploit only happens with the first post of a pinned discussion, an attacker would need the ability to pin their own discussion, or be able to edit a discussion that was previously pinned. On forums where all pinned posts are authored by your staff, you can be relatively certain the vulnerability has not been exploited. Forums where some user-created discussions were pinned can look at the first post edit date to find whether the vulnerability might have been exploited. Because Flarum doesn’t store the post content history, you cannot be certain if a malicious edit was reverted. The fix will be available in version v0.1.0-beta.16 with Flarum beta 16. The fix has already been back-ported to Flarum beta 15 as version v0.1.0-beta.15.1 of the Sticky extension. Forum administrators can disable the Sticky extension until they are able to apply the update. The vulnerability cannot be exploited while the extension is disabled.	2021-01-26	not yet calculated	CVE-2021-21283 MISC MISC MISC CONFIRM
foris — foris	Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.	2021-01-29	not yet calculated	CVE-2021-3346 MISC MISC MISC
ftpd — ftpd	The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.	2021-01-26	not yet calculated	CVE-2013-2512 MISC
geeni — gnc-cw013	An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password.	2021-01-26	not yet calculated	CVE-2020-28998 MISC MISC
geeni — gnc-cw013	An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library (libhipcam.so) used to provide the streaming camera service.	2021-01-26	not yet calculated	CVE-2020-28999 MISC MISC
geeni — gnc-cw013	An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system.	2021-01-26	not yet calculated	CVE-2020-29000 MISC MISC
geeni — mulitple_products	An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application.	2021-01-26	not yet calculated	CVE-2020-29001 MISC MISC
gfwx — gfwx	An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.	2021-01-26	not yet calculated	CVE-2020-36211 MISC
glsl-layout — glsl-layout	An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.	2021-01-26	not yet calculated	CVE-2021-25902 MISC
gnu — c_library	The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.	2021-01-27	not yet calculated	CVE-2021-3326 MLIST MISC MISC
go — go	Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).	2021-01-26	not yet calculated	CVE-2021-3115 CONFIRM CONFIRM
go — go	In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.	2021-01-26	not yet calculated	CVE-2021-3114 CONFIRM CONFIRM
godaddy — godaddy	DISPUTED scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.	2021-01-27	not yet calculated	CVE-2021-26276 MISC
google — android	In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible way to access contacts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-138791358	2021-01-26	not yet calculated	CVE-2020-27098 MISC
google — android	In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729426	2021-01-26	not yet calculated	CVE-2020-27097 MISC
gstreamer — h264	A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.	2021-01-26	not yet calculated	CVE-2021-3185 MISC
hackolade — hackolade	An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges during an uninstall of the application.	2021-01-26	not yet calculated	CVE-2020-25737 MISC
hashconsing — hashconsing	An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.	2021-01-26	not yet calculated	CVE-2020-36215 MISC
hedgedoc — hedgedoc	HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.2. ### Workarounds Disallow loading JavaScript from 3rd party sites using the `Content-Security-Policy` header. Note that this will break some embedded content. ### References This issue was discovered by @TobiasHoll and reported to hackmdio/codimd: https://github.com/hackmdio/codimd/issues/1648 ### For more information If you have any questions or comments about this advisory: * Open an topic on our community forum * Join our matrix room	2021-01-22	not yet calculated	CVE-2021-21259 MISC MISC CONFIRM
hewlett_packard — multiple_products	The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice addlicense_func function.	2021-01-29	not yet calculated	CVE-2021-25123 MISC
hitachi — vantara_pentaho	The New Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Analysis Report Description’ field in ‘About this Report’ section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.	2021-01-29	not yet calculated	CVE-2020-24669 MISC MISC
hitachi — vantara_pentaho	The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘type’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.	2021-01-29	not yet calculated	CVE-2020-24670 MISC MISC
hitachi — vantara_pentaho	The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA	2021-01-29	not yet calculated	CVE-2020-24665 MISC MISC
hitachi — vantara_pentaho	The Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Display Name’ parameter. Remediated in >= 9.1.0.1	2021-01-29	not yet calculated	CVE-2020-24666 MISC MISC
hitachi — vantara_pentaho	The dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘pho:title’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.	2021-01-29	not yet calculated	CVE-2020-24664 MISC MISC
home_assistant — home_assistant	DISPUTED Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor’s perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation.	2021-01-26	not yet calculated	CVE-2021-3152 CONFIRM MISC
htcondor — condor_credd	condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.	2021-01-27	not yet calculated	CVE-2021-25311 MISC
htcondor — htcondor	HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.	2021-01-27	not yet calculated	CVE-2021-25312 MISC
ibm — infosphere_information_server	UNSUPPORTED WHEN ASSIGNED IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	2021-01-26	not yet calculated	CVE-2020-27583 MISC
ibm — mq	IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.	2021-01-28	not yet calculated	CVE-2020-4682 XF CONFIRM
ibm — qradar_siem	IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.	2021-01-28	not yet calculated	CVE-2020-4888 XF CONFIRM
ibm — qradar_siem	IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.	2021-01-27	not yet calculated	CVE-2020-4787 XF CONFIRM
ibm — qradar_siem	IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302.	2021-01-27	not yet calculated	CVE-2020-4789 XF CONFIRM
ibm — qradar_siem	IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.	2021-01-27	not yet calculated	CVE-2020-4786 XF CONFIRM
ide_atapi_cmd_reply_end — ide_atapi_cmd_reply_end	ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.	2021-01-26	not yet calculated	CVE-2020-29443 MISC MISC
im — im	An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.	2021-01-26	not yet calculated	CVE-2020-36204 MISC
iniparserjs — iniparserjs	This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.	2021-01-29	not yet calculated	CVE-2021-23328 MISC MISC
istio_pilot — istio_pilot	A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).	2021-01-29	not yet calculated	CVE-2019-25014 MISC MISC
jenkins — jenkins	Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.	2021-01-26	not yet calculated	CVE-2021-21615 MLIST CONFIRM
jp2_ decode — jp2_decode	jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.	2021-01-27	not yet calculated	CVE-2021-3272 MISC
jxbrowser — ti_code_composer_studio_ide	jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.	2021-01-26	not yet calculated	CVE-2021-3285 MISC
klog — klog_server	KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.	2021-01-26	not yet calculated	CVE-2021-3317 MISC
late-static — late-static	An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.	2021-01-26	not yet calculated	CVE-2020-36209 MISC
lazy-init — lazy-init	An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.	2021-01-26	not yet calculated	CVE-2021-25901 MISC
libgcrypt — libgcrypt	_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 has a heap-based buffer overflow when the digest final function sets a large count value.	2021-01-29	not yet calculated	CVE-2021-3345 MISC MISC MISC MISC MISC
linux — linux_kernel	A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service.	2021-01-26	not yet calculated	CVE-2020-35513 MISC MISC
linux — linux_kernel	An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.	2021-01-29	not yet calculated	CVE-2021-3347 MLIST MLIST MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC
local_service — search_engine_management	Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page.	2021-01-26	not yet calculated	CVE-2021-3278 MISC MISC
logstorage — logstorage	Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.	2021-01-28	not yet calculated	CVE-2020-5626 MISC MISC
m&m_software — fdtcontainer_component	M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.	2021-01-22	not yet calculated	CVE-2020-12525 CONFIRM MISC
madcodehook — madcodehook	A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.	2021-01-30	not yet calculated	CVE-2020-14418 MISC MISC
marc_crate — marc_crate	An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.	2021-01-29	not yet calculated	CVE-2021-26308 MISC
matrikon — opc_ua_tunneller	The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).	2021-01-26	not yet calculated	CVE-2020-27297 MISC
matrikon — opc_ua_tunneller	The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).	2021-01-26	not yet calculated	CVE-2020-27299 MISC
matrikon — opc_ua_tunneller	The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).	2021-01-26	not yet calculated	CVE-2020-27295 MISC
matrikon — opc_ua_tunneller	Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).	2021-01-26	not yet calculated	CVE-2020-27274 MISC
mautic — mautic	A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.	2021-01-28	not yet calculated	CVE-2020-35124 MISC MISC MISC MISC
may_queue — may_queue	An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur.	2021-01-26	not yet calculated	CVE-2020-36217 MISC
mediawiki — mediawiki	The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.	2021-01-29	not yet calculated	CVE-2020-29004 MISC CONFIRM MISC
mediawiki — mediawiki	The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.	2021-01-29	not yet calculated	CVE-2020-29005 MISC MISC
melfa — fr_series_controllers	Resource management errors vulnerability in a robot controller of MELFA FR Series(controller “CR800-VD” of RV-FR*-D- all versions, controller “CR800-HD” of RH-FRH**-D- all versions, controller “CR800-HRD” of RH-FRHR**-D- all versions, controller “CR800-VR with R16RTCPU” of RV-FR*-R- all versions, controller “CR800-HR with R16RTCPU” of RH-FRH**-R- all versions, controller “CR800-HRR with R16RTCPU” of RH-FRHR**-R- all versions, controller “CR800-VQ with Q172DSRCPU” of RV-FR*-Q- all versions, controller “CR800-HQ with Q172DSRCPU” of RH-FRH**-Q- all versions, controller “CR800-HRQ with Q172DSRCPU” of RH-FRHR**-Q- all versions) and a robot controller of MELFA CR Series(controller “CR800-CVD” of RV-8CRL-D-* all versions, controller “CR800-CHD” of RH-CRH-D- all versions) as well as a cooperative robot ASSISTA(controller “CR800-05VD” of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.	2021-01-29	not yet calculated	CVE-2021-20586 MISC
micrium — uchttp	A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.	2021-01-26	not yet calculated	CVE-2020-13582 MISC
microsoft — windows	Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.	2021-01-26	not yet calculated	CVE-2021-22159 MISC MISC
mitel — businesscti_enterprise_client_for_windows	The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data.	2021-01-29	not yet calculated	CVE-2021-3176 MISC CONFIRM
mitel — micollab	A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.	2021-01-29	not yet calculated	CVE-2020-35547 MISC CONFIRM
monitorix — monitorix	Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.	2021-01-27	not yet calculated	CVE-2021-3325 MISC MISC MISC CONFIRM
moodle — moodle	It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.	2021-01-28	not yet calculated	CVE-2021-20184 MISC
moodle — moodle	It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.	2021-01-28	not yet calculated	CVE-2021-20187 MISC
moodle — moodle	It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.	2021-01-28	not yet calculated	CVE-2021-20183 MISC
moodle — moodle	It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.	2021-01-28	not yet calculated	CVE-2021-20185 MISC
moodle — moodle	It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.	2021-01-28	not yet calculated	CVE-2021-20186 MISC
multiqueue2 — multiqueue2	An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur.	2021-01-26	not yet calculated	CVE-2020-36214 MISC
mybb — mybb	The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.	2021-01-28	not yet calculated	CVE-2021-3337 MISC MISC
nagios — docker_config_wizard	Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.	2021-01-26	not yet calculated	CVE-2021-3193 MISC
newbee-mall — newbee-mall	newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.	2021-01-26	not yet calculated	CVE-2020-23449 MISC
newbee-mall — newbee-mall	newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system’s background /admin is in code AdminLoginInterceptor, which can be bypassed.	2021-01-26	not yet calculated	CVE-2020-23448 MISC
nextcloud — nextcloud_server	A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.	2021-01-26	not yet calculated	CVE-2020-8293 MISC MISC
nextcloud — nextcloud_server	A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.	2021-01-26	not yet calculated	CVE-2020-8295 MISC MISC
nibbleblog — nibbleblog	dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.	2021-01-27	not yet calculated	CVE-2020-23356 MISC
nim — nim	In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.	2021-01-30	not yet calculated	CVE-2020-15690 MISC CONFIRM
node-red-contrib-huemagic — node-red-contrib-huemagic	node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.	2021-01-26	not yet calculated	CVE-2021-25864 MISC
nutch — dmozparser	An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.	2021-01-25	not yet calculated	CVE-2021-23901 CONFIRM CONFIRM MLIST MLIST
nvidia — multiple_products	NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.	2021-01-26	not yet calculated	CVE-2021-1071 CONFIRM
nvidia — multiple_products	NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.	2021-01-26	not yet calculated	CVE-2021-1070 CONFIRM
octopusdsc — octopusdsc	OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.	2021-01-22	not yet calculated	CVE-2021-21270 MISC MISC MISC CONFIRM
oncommand — unified_manager_core_package	OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).	2021-01-28	not yet calculated	CVE-2020-8585 MISC CONFIRM
online_news_portal — online_news_portal	Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the “Title” parameter.	2021-01-26	not yet calculated	CVE-2020-29241 MISC
onlyoffice — document_server	Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.	2021-01-26	not yet calculated	CVE-2021-3199 MISC CONFIRM
open5gs — open5gs	Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.	2021-01-26	not yet calculated	CVE-2021-25863 MISC
openemr — openemr	A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.	2021-01-28	not yet calculated	CVE-2020-13569 MISC
openjpeg2 — openjpeg2	A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.	2021-01-26	not yet calculated	CVE-2020-27814 MISC MISC GENTOO
openmaint — openmaint	openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server.	2021-01-26	not yet calculated	CVE-2020-24549 MISC MISC
opensolution — quick	OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.	2021-01-28	not yet calculated	CVE-2020-35754 MISC MISC CONFIRM MISC
oras — oras	ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a “zip-slip” vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`. Users of the affected versions are impacted if they are `oras` CLI users who runs `oras pull`, or if they are Go programs, which invoke `github.com/deislabs/oras/pkg/content.FileStore`. The problem has been fixed in version 0.9.0. For `oras` CLI users, there is no workarounds other than pulling from a trusted artifact provider. For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider.	2021-01-25	not yet calculated	CVE-2021-21272 MISC MISC CONFIRM MISC
oscommerce — oscommerce	oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php	2021-01-27	not yet calculated	CVE-2020-23360 MISC
persis — human_resouce_management_portal	The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the “Recommend job posting” function is enabled, allows XSS via the SENDER parameter.	2021-01-26	not yet calculated	CVE-2020-35753 MISC
philips — interventional_workspot	Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.	2021-01-26	not yet calculated	CVE-2020-27298 MISC
phplist — phplist	phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.	2021-01-26	not yet calculated	CVE-2021-3188 MISC
phplist — phplist	phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.	2021-01-27	not yet calculated	CVE-2020-23361 MISC
projectsend — projectsend	reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).	2021-01-26	not yet calculated	CVE-2020-28874 MISC CONFIRM MISC CONFIRM MISC
pyrescom — termod4_time_management_devices	Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.	2021-01-26	not yet calculated	CVE-2020-23161 MISC MISC
pyrescom — termod4_time_management_devices	Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.	2021-01-26	not yet calculated	CVE-2020-23162 MISC MISC
qdocs — smart_hospital_management_system	A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.	2021-01-26	not yet calculated	CVE-2020-36011 MISC MISC
qemu — qemu	A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.	2021-01-28	not yet calculated	CVE-2020-35517 MISC MISC MISC MISC
qemu — sdhci_devices	A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.	2021-01-30	not yet calculated	CVE-2020-17380 CONFIRM CONFIRM
raw-cpuid_crate — raw-cpuid_crate	An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.	2021-01-29	not yet calculated	CVE-2021-26306 MISC
raw-cpuid_crate — raw-cpuid_crate	An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.	2021-01-29	not yet calculated	CVE-2021-26307 MISC
redhat — keycloak	A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.	2021-01-28	not yet calculated	CVE-2020-1725 MISC MISC
redhat — keycloak	The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Aplication Platform 4 are believed to be vulnerable.	2021-01-28	not yet calculated	CVE-2020-1723 MISC
reffers — reffers	An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.	2021-01-26	not yet calculated	CVE-2020-36203 MISC
revive — adserver	Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.	2021-01-26	not yet calculated	CVE-2021-22871 MISC FULLDISC MISC MISC MISC MISC
revive — adserver	Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.	2021-01-26	not yet calculated	CVE-2021-22872 MISC FULLDISC MISC MISC MISC MISC
revive — adserver	Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.	2021-01-26	not yet calculated	CVE-2021-22873 MISC FULLDISC MISC MISC MISC
riolink — p2p_products	The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.	2021-01-26	not yet calculated	CVE-2020-25169 MISC
riolink — p2p_products	An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access	2021-01-26	not yet calculated	CVE-2020-25173 MISC
rocket.chat — rocket.chat	The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.	2021-01-26	not yet calculated	CVE-2020-8288 MISC MISC MISC
rostelecom — cs-c2shw	Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and started again later.	2021-01-26	not yet calculated	CVE-2020-27541 MISC
rostelecom — cs-c2shw	Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code (including network settings). The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command (without any escaping). So bash injection is possible. Camera doesn’t parse QR codes if it’s already successfully configured. Camera is always rebooted after successful configuration via QR code.	2021-01-26	not yet calculated	CVE-2020-27542 MISC
rostelecom — cs-c2shw	Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vcversion.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card.	2021-01-26	not yet calculated	CVE-2020-27540 MISC
rostelecom — cs-c2shw	Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerable code is unreachable and one more bug required to reach it.	2021-01-26	not yet calculated	CVE-2020-27539 MISC
rsshub — rsshub	RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues The fix in version 7f1c430 is to temporarily remove the problematic route and added a `no-new-func` rule to eslint.	2021-01-26	not yet calculated	CVE-2021-21278 MISC CONFIRM MISC
rusb — rusb	An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur.	2021-01-26	not yet calculated	CVE-2020-36206 MISC
sagemcom — f@st_3686_v2_3.495_devices	Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.	2021-01-26	not yet calculated	CVE-2021-3304 MISC
sangoma — asterisk	An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.	2021-01-29	not yet calculated	CVE-2020-35652 CONFIRM CONFIRM MISC MISC
smallvec — smallvec	An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.	2021-01-26	not yet calculated	CVE-2021-25900 MISC
smartagent — smartagent	SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.	2021-01-26	not yet calculated	CVE-2021-3165 MISC MISC MISC
spring_cloud — data_flow	In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.	2021-01-27	not yet calculated	CVE-2020-5427 CONFIRM
spring_cloud — task	In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.	2021-01-27	not yet calculated	CVE-2020-5428 CONFIRM
student_result_management_system — student_result_management_system	Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can able to access of Admin Panel and manage every account of Result.	2021-01-26	not yet calculated	CVE-2020-35270 MISC MISC
sudo — sudo	Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character.	2021-01-26	not yet calculated	CVE-2021-3156 MISC MLIST MLIST MLIST FEDORA FEDORA GENTOO CONFIRM CONFIRM CISCO DEBIAN MISC CONFIRM
tenda — ac5_ac1200	A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.	2021-01-26	not yet calculated	CVE-2021-3186 MISC MISC
tendermint — tendermint_core	Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine – written in any programming language – and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies on the timestamp of the last commit from this specific block.) In Tendermint Core v0.34.0-v0.34.2, the consensus reactor is responsible for forming DuplicateVoteEvidence whenever double signs are observed. However, the current block is still “in flight” when it is being formed by the consensus reactor. It hasn’t been finalized through network consensus yet. This means that different nodes in the network may observe different “last commits” when assigning a timestamp to DuplicateVoteEvidence. In turn, different nodes could form DuplicateVoteEvidence objects at the same height but with different timestamps. One DuplicateVoteEvidence object (with one timestamp) will then eventually get finalized in the block, but this means that any DuplicateVoteEvidence with a different timestamp is considered invalid. Any node that formed invalid DuplicateVoteEvidence will continue to propose invalid evidence; its peers may see this, and choose to disconnect from this node. This bug means that double signs are DoS vectors in Tendermint Core v0.34.0-v0.34.2. Tendermint Core v0.34.3 is a security release which fixes this bug. As of v0.34.3, DuplicateVoteEvidence is no longer formed by the consensus reactor; rather, the consensus reactor passes the Votes themselves into the EvidencePool, which is now responsible for forming DuplicateVoteEvidence. The EvidencePool has timestamp info that should be consistent across the network, which means that DuplicateVoteEvidence formed in this reactor should have consistent timestamps. This release changes the API between the consensus and evidence reactors.	2021-01-26	not yet calculated	CVE-2021-21271 MISC MISC CONFIRM
terramaster — terramaster_tos	TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.	2021-01-30	not yet calculated	CVE-2020-15568 MISC MISC
textpattern — textpattern	Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.	2021-01-26	not yet calculated	CVE-2020-35854 MISC MISC MISC
tibco — bpm_enterprise_and_bpm_enterprise_distribution	The Application Development Clients component of TIBCO Software Inc.’s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.	2021-01-26	not yet calculated	CVE-2021-23272 CONFIRM
tinycheck — tinycheck	TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.	2021-01-26	not yet calculated	CVE-2020-36200 MISC
tinycheck — tinycheck	TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.	2021-01-26	not yet calculated	CVE-2020-36199 MISC
tm_mobile_solutions — testes_de_codigo	Mobile application “Testes de Codigo” v11.3 and prior allows stored XSS by injecting a payload in the “feedback” message field causing it to be stored in the remote database and leading to its execution on client devices when loading the “feedback list”, either by accessing the website directly or using the mobile application.	2021-01-28	not yet calculated	CVE-2021-25647 MISC
tp-link — tl-wr841N_v13	A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.	2021-01-26	not yet calculated	CVE-2020-35576 MISC MISC
trendmicro — serverprotect	A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	2021-01-27	not yet calculated	CVE-2021-25225 N/A N/A
trendmicro — serverprotect	A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	2021-01-27	not yet calculated	CVE-2021-25224 N/A N/A
trendmicro — serverprotect	A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	2021-01-27	not yet calculated	CVE-2021-25226 N/A N/A
trendmirco — housecall_for_home_networks	A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability.	2021-01-27	not yet calculated	CVE-2021-25247 N/A
va-ts — va-ts	An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur.	2021-01-26	not yet calculated	CVE-2020-36220 MISC
vis-timeline — vis-timeline	This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.	2021-01-22	not yet calculated	CVE-2020-28487 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
webid — webid	WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.	2021-01-27	not yet calculated	CVE-2020-23359 MISC
wekan — wekan	packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,	2021-01-26	not yet calculated	CVE-2021-3309 MISC MISC MISC
wing_ftp — wing_ftp	An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user’s browser.	2021-01-26	not yet calculated	CVE-2020-27735 MISC MISC
winmail — winmail	A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header ‘HOST’ value to cause the server to send the request.	2021-01-26	not yet calculated	CVE-2020-23776 MISC
winmail — winmail	A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.	2021-01-26	not yet calculated	CVE-2020-23774 MISC
winscp — winscp	WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)	2021-01-27	not yet calculated	CVE-2021-3331 MISC MISC MISC MISC
wolfssl — tls13.c	DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).	2021-01-29	not yet calculated	CVE-2021-3336 MISC
xcb — xcb	An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.	2021-01-26	not yet calculated	CVE-2020-36205 MISC
xen — xen	An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.	2021-01-26	not yet calculated	CVE-2021-3308 MLIST MISC FEDORA
xerox — workcentre_products	An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.	2021-01-26	not yet calculated	CVE-2020-36201 MISC
yale — wipc-303w_cameras	DISPUTED The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176 .	2021-01-26	not yet calculated	CVE-2020-23826 MISC
z-blogphp — valyria	Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.	2021-01-27	not yet calculated	CVE-2020-23352 MISC
zen — cart	Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.	2021-01-26	not yet calculated	CVE-2021-3291 MISC
ziv_automation — 4cct-ea6-334126bf	Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.	2021-01-29	not yet calculated	CVE-2021-25910 CONFIRM
ziv_automation — 4cct-ea6-334126bf	ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919.	2021-01-29	not yet calculated	CVE-2021-25909 CONFIRM
zte — multiple_products	Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.	2021-01-26	not yet calculated	CVE-2021-21723 MISC
zyxel — nbg2105	On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.	2021-01-26	not yet calculated	CVE-2021-3297 MISC MISC MISC

This product is provided subject to this Notification and this Privacy & Use policy.

Securing Your Data

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

Leave a Reply Cancel Reply

RebootTwice LLC

Helping Your Business Securely Build Success