Vulnerability Summary for the Week of January 25, 2021

Released
Feb 01, 2021
Document ID
SB21-032

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
async-git_project -- async-gitThe async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.2021-01-267.5CVE-2021-3190
MISC
MISC
MISC
CONFIRM
caret -- caretA specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.2021-01-2610CVE-2020-20269
MISC
FULLDISC
MISC
MISC
MISC
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability.2021-01-297.2CVE-2021-25129
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice startflash_func function.2021-01-297.2CVE-2021-25137
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsolvideoremotestorage_func function.2021-01-297.2CVE-2021-25136
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsmtp_func function.2021-01-297.2CVE-2021-25135
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setremoteimageinfo_func function.2021-01-297.2CVE-2021-25134
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setradiusconfig_func function.2021-01-297.2CVE-2021-25133
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setmediaconfig_func function.2021-01-297.2CVE-2021-25132
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setfwimagelocation_func function.2021-01-297.2CVE-2021-25131
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setactdir_func function.2021-01-297.2CVE-2021-25130
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice gethelpdata_func function path traversal vulnerability.2021-01-297.2CVE-2021-25128
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice generatesslcertificate_func function.2021-01-297.2CVE-2021-25127
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function.2021-01-297.2CVE-2021-25126
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability.2021-01-297.2CVE-2021-25125
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.2021-01-297.2CVE-2021-25124
MISC
hpe -- cloudline_cl3100_gen10_server_firmwareThe Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice uploadsshkey function.2021-01-297.2CVE-2021-25138
MISC
ibm -- security_guardiumIBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028.2021-01-279CVE-2020-4952
XF
CONFIRM
mingsoft -- mcmsAn issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.2021-01-267.5CVE-2020-23262
MISC
pepperl-fuchs -- io-link_master_4-eip_firmwarePepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.2021-01-229CVE-2020-12513
CONFIRM
pyres -- termod4Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.2021-01-269CVE-2020-23160
MISC
MISC
spotweb_project -- spotwebSQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.2021-01-267.5CVE-2021-3286
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- java_chassisWhen handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.52021-01-256CVE-2020-17532
CONFIRM
CONFIRM
apache -- traffic_controlWhen ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN arcitechture.2021-01-265CVE-2020-17522
MISC
deltaww -- tpeditorTPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.2021-01-266.8CVE-2020-27284
MISC
deltaww -- tpeditorAn untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.2021-01-266.8CVE-2020-27288
MISC
dzzoffice -- dzzofficeattach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.2021-01-274.3CVE-2021-3318
MISC
faststone -- image_viewerFastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4.2021-01-266.8CVE-2020-35844
MISC
MISC
faststone -- image_viewerFastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf.2021-01-266.8CVE-2020-35845
MISC
MISC
faststone -- image_viewerFastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e.2021-01-264.3CVE-2020-35843
MISC
MISC
feehi -- feehi_cmsFeehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.2021-01-264.3CVE-2020-21146
MISC
feehi -- feehi_cmsFeehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.2021-01-266.5CVE-2020-22643
MISC
fujielectric -- v-serverMultiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).2021-01-276.8CVE-2021-22653
MISC
fujielectric -- v-serverMultiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).2021-01-276.8CVE-2021-22655
MISC
fujielectric -- v-serverA heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).2021-01-276.8CVE-2021-22641
MISC
MISC
fujielectric -- v-serverAn uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).2021-01-276.8CVE-2021-22639
MISC
MISC
fujielectric -- v-serverMultiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).2021-01-276.8CVE-2021-22637
MISC
MISC
google -- androidIn A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android, Versions: Android-10, Android ID: A-79703353.2021-01-265CVE-2020-0236
CONFIRM
hyweb -- hycms-j1Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.2021-01-226.5CVE-2021-22847
CONFIRM
ibm -- cloud_pak_for_securityIBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.2021-01-275CVE-2020-4815
XF
CONFIRM
ibm -- cloud_pak_for_securityIBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369.2021-01-275CVE-2020-4628
XF
CONFIRM
ibm -- cloud_pak_for_securityIBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703.2021-01-274.3CVE-2020-4816
XF
CONFIRM
ibm -- cloud_pak_for_securityIBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.2021-01-274.3CVE-2020-4820
XF
CONFIRM
ibm -- cloud_pak_for_securityIBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.2021-01-274CVE-2020-4967
XF
CONFIRM
ibm -- mq_internet_pass-thruIBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.2021-01-225CVE-2020-4766
XF
CONFIRM
ibm -- security_guardiumIBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.2021-01-274CVE-2020-4189
XF
CONFIRM
ibm -- websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.2021-01-266.4CVE-2020-4949
XF
CONFIRM
iris -- star_practice_managementAn improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature.2021-01-294CVE-2020-28406
MISC
MISC
iris -- star_practice_managementAn improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.2021-01-294CVE-2020-28404
MISC
MISC
iris -- star_practice_managementAn improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.2021-01-294CVE-2020-28401
MISC
MISC
iris -- star_practice_managementAn improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the application.2021-01-296.5CVE-2020-28405
MISC
MISC
iris -- star_practice_managementAn improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.2021-01-296.5CVE-2020-28402
MISC
MISC
iris -- star_practice_managementA Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application.2021-01-296.8CVE-2020-28403
MISC
MISC
jquery -- jquery_uiThis affects all versions of package jquery-ui; all versions of package org.fujion.webjars:jquery-ui. When the "dialog" is injected into an HTML tag more than once, the browser and the application may crash.2021-01-225CVE-2020-28488
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mantisbt -- mantisbtAn issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.)2021-01-294CVE-2020-29605
MISC
MISC
mantisbt -- mantisbtAn issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information.2021-01-294CVE-2020-29604
MISC
MISC
mantisbt -- mantisbtIn manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.2021-01-294CVE-2020-29603
MISC
MISC
misp -- mispA cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code.2021-01-264.3CVE-2020-24085
MISC
newbee-mall_project -- newbee-mallnewbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".2021-01-264.3CVE-2020-23447
MISC
nodered -- node-red-dashboardNode-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.2021-01-265CVE-2021-3223
MISC
CONFIRM
openldap -- openldapAn integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.2021-01-265CVE-2020-36228
MISC
MISC
MISC
openldap -- openldapA flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.2021-01-265CVE-2020-36230
MISC
MISC
MISC
openldap -- openldapA flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.2021-01-265CVE-2020-36226
MISC
MISC
MISC
MISC
MISC
MISC
openldap -- openldapAn integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).2021-01-265CVE-2020-36221
MISC
MISC
MISC
MISC
MISC
openldap -- openldapA flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.2021-01-265CVE-2020-36222
MISC
MISC
MISC
MISC
MISC
MISC
openldap -- openldapA flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).2021-01-265CVE-2020-36223
MISC
MISC
MISC
openldap -- openldapA flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.2021-01-265CVE-2020-36224
MISC
MISC
MISC
MISC
MISC
MISC
openldap -- openldapA flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.2021-01-265CVE-2020-36225
MISC
MISC
MISC
MISC
MISC
MISC
openldap -- openldapA flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.2021-01-265CVE-2020-36229
MISC
MISC
MISC
openldap -- openldapA flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.2021-01-265CVE-2020-36227
MISC
MISC
MISC
panasonic -- fpwin_proFPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.2021-01-266.8CVE-2020-16236
MISC
pepperl-fuchs -- io-link_master_4-eip_firmwarePepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd2021-01-224CVE-2020-12514
CONFIRM
pepperl-fuchs -- io-link_master_4-eip_firmwarePepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.2021-01-226.8CVE-2020-12511
CONFIRM
phpgurukul -- daily_expense_tracker_systemPHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.2021-01-294.3CVE-2021-26303
MISC
phpgurukul_daily_expense_tracker_system_project -- phpgurukul_daily_expense_tracker_systemPHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.2021-01-294.3CVE-2021-26304
MISC
report_project -- reportThe MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.2021-01-254.3CVE-2021-21275
MISC
CONFIRM
revive-adserver -- revive_adserverRevive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.2021-01-284.3CVE-2021-22875
MISC
MISC
MISC
revive-adserver -- revive_adserverRevive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.2021-01-284.3CVE-2021-22874
MISC
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apfell_project -- apfellAPfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel.2021-01-263.5CVE-2020-23014
MISC
MISC
bdtask -- multi-storeStored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.2021-01-273.5CVE-2020-36012
MISC
MISC
MISC
bigprof -- online_invoicing_systemOnline Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf token and sends a request to change password. It has been found that Item description is reflected without sanitization in app/items_view.php which enables the malicious scenario.2021-01-223.5CVE-2021-21260
MISC
CONFIRM
compo -- composr_cmsComposr CMS 10.0.34 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via Add Banners in the Description field.2021-01-263.5CVE-2020-35310
MISC
hyweb -- hycms-j1Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.2021-01-223.5CVE-2021-22849
CONFIRM
ibm -- collaborative_lifecycle_managementIBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.2021-01-273.5CVE-2020-4524
XF
CONFIRM
ibm -- collaborative_lifecycle_managementIBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.2021-01-273.5CVE-2020-4547
XF
CONFIRM
ibm -- collaborative_lifecycle_managementIBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.2021-01-273.5CVE-2020-4855
XF
CONFIRM
ibm -- collaborative_lifecycle_managementIBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.2021-01-273.5CVE-2020-4865
XF
CONFIRM
ibm -- collaborative_lifecycle_managementIBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.2021-01-273.5CVE-2021-20357
XF
CONFIRM
ibm -- spectrum_scaleIBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.2021-01-262.1CVE-2020-4889
XF
CONFIRM
o-dyn -- collabtiveCollabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.2021-01-293.5CVE-2021-3298
MISC
MISC
openwrt -- openwrtLuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.2021-01-263.5CVE-2019-25015
MISC
MISC
pepperl-fuchs -- io-link_master_4-eip_firmwarePepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting2021-01-223.5CVE-2020-12512
CONFIRM
rockoa -- rockoaRockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.2021-01-263.5CVE-2020-21147
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
rocket.chat -- rocket.chatRocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.2021-01-26not yet calculatedCVE-2020-8292
MISC
MISC
4images -- image_gallary_management_system
 
4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inject the XSS payload into the IMAGE URL. Each time a user visits that URL, the XSS triggers and the attacker can be able to steal the cookie according to the crafted payload.2021-01-26not yet calculatedCVE-2020-35853
MISC
abi_stable -- abi_stable
 
An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop.2021-01-26not yet calculatedCVE-2020-36212
MISC
abi_stable -- abi_stable
 
An issue was discovered in the abi_stable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness.2021-01-26not yet calculatedCVE-2020-36213
MISC
accfly -- wireless_security_ir_camera_720p
 
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.2021-01-28not yet calculatedCVE-2020-25783
MISC
accfly -- wireless_security_ir_camera_720p
 
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure.2021-01-28not yet calculatedCVE-2020-25785
MISC
accfly -- wireless_security_ir_camera_720p
 
An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.2021-01-28not yet calculatedCVE-2020-25782
MISC
accfly -- wireless_security_ir_camera_720p
 
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.2021-01-28not yet calculatedCVE-2020-25784
MISC
acdsee -- professional_2021
 
PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image.2021-01-26not yet calculatedCVE-2021-26026
MISC
acdsee -- professional_2021
 
PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image.2021-01-26not yet calculatedCVE-2021-26025
MISC
acronis_true_image -- acronis_true_image
 
Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.2021-01-29not yet calculatedCVE-2020-35145
MISC
CONFIRM
aovec -- aovec
 
An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.2021-01-26not yet calculatedCVE-2020-36207
MISC
apache -- activemq_artemisThe optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.2021-01-27not yet calculatedCVE-2021-26117
MLIST
MLIST
MISC
apache -- activemq_artemis
 
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.2021-01-27not yet calculatedCVE-2021-26118
MLIST
MISC
apache -- druid
 
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.2021-01-29not yet calculatedCVE-2021-25646
MLIST
MLIST
MLIST
MLIST
MISC
apache -- hadoop
 
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.2021-01-26not yet calculatedCVE-2020-9492
MISC
MLIST
archer -- archerArcher before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks.2021-01-29not yet calculatedCVE-2020-29536
CONFIRM
MISC
archer -- archerArcher before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.2021-01-29not yet calculatedCVE-2020-29537
CONFIRM
MISC
archer -- archerArcher before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks.2021-01-29not yet calculatedCVE-2020-29538
CONFIRM
MISC
archer -- archer
 
Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.2021-01-29not yet calculatedCVE-2020-29535
CONFIRM
MISC
assuweb -- assuweb
 
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.2021-01-28not yet calculatedCVE-2021-3160
MISC
MISC
async-h1 -- async-h1
 
An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.2021-01-26not yet calculatedCVE-2020-36202
MISC
aterm -- wf800hp_firmware
 
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.2021-01-28not yet calculatedCVE-2021-20620
MISC
MISC
MISC
aterm -- wg2600hp_firmware
 
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2021-01-28not yet calculatedCVE-2021-20621
MISC
MISC
MISC
aterm -- wg2600hp_firmware
 
Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.2021-01-28not yet calculatedCVE-2021-20622
MISC
MISC
MISC
atlassian -- bamboo
 
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.2021-01-28not yet calculatedCVE-2021-26067
MISC
atomic-option -- atomic-option
 
An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption<T> implements Sync unconditionally, a data race can occur.2021-01-26not yet calculatedCVE-2020-36219
MISC
autoand -- autoand
 
An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.2021-01-26not yet calculatedCVE-2020-36210
MISC
av-data -- av-data
 
An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.2021-01-26not yet calculatedCVE-2021-25904
MISC
bakeshop -- online_ordering_system
 
Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories".2021-01-26not yet calculatedCVE-2020-35309
MISC
basic_dsp_matrix -- basic_dsp_matrix
 
An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.2021-01-26not yet calculatedCVE-2021-25906
MISC
bitcoin -- core
 
bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call.2021-01-26not yet calculatedCVE-2021-3195
MISC
bosch -- fsm-2500_server_and_fsm-5000_server
 
Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system.2021-01-26not yet calculatedCVE-2020-6779
MISC
bosch -- fsm-2500_server_and_fsm-5000_server
 
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.2021-01-26not yet calculatedCVE-2020-6780
MISC
bra -- bra
 
An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.2021-01-26not yet calculatedCVE-2021-25905
MISC
buttplug -- buttplug
 
An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider (!Send|!Sync) objects, leading to a data race.2021-01-26not yet calculatedCVE-2020-36218
MISC
cache -- cache
 
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.2021-01-26not yet calculatedCVE-2021-25903
MISC
cakephp -- cakephp
 
A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, the route middleware does not verify that this overriden method (which can be an arbitrary string) is actually an HTTP method.2021-01-26not yet calculatedCVE-2020-35239
MISC
cdr-rs -- cdr-rs
 
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.2021-01-29not yet calculatedCVE-2021-26305
MISC
churchrota -- churchrota
 
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.2021-01-26not yet calculatedCVE-2021-3164
MISC
MISC
ckeditor -- ckeditorIt was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).2021-01-26not yet calculatedCVE-2021-26271
MISC
ckeditor -- ckeditor
 
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).2021-01-26not yet calculatedCVE-2021-26272
MISC
ckeditor -- ckeditor
 
CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.2021-01-29not yet calculatedCVE-2021-21254
MISC
CONFIRM
MISC
codiad -- codiad
 
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.2021-01-27not yet calculatedCVE-2020-23355
MISC
conquer-once -- conquer-once
 
An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption.2021-01-26not yet calculatedCVE-2020-36208
MISC
containers -- containers
 
An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.2021-01-26not yet calculatedCVE-2021-25907
MISC
cpanel -- cpanel
 
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).2021-01-26not yet calculatedCVE-2021-26266
MISC
cpanel -- cpanel
 
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).2021-01-26not yet calculatedCVE-2021-26267
MISC
d-link -- dir_825_r1_devices
 
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.2021-01-29not yet calculatedCVE-2020-29557
MISC
MISC
delta_electronics -- ispsoft
 
A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.2021-01-26not yet calculatedCVE-2020-27280
MISC
dh2i -- dxenterprise_and_dxodyssey
 
A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.2021-01-29not yet calculatedCVE-2021-3341
MISC
duncaen -- opendoas
 
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.2021-01-28not yet calculatedCVE-2019-25016
MISC
MISC
MISC
MISC
ecostruxure -- operator_terminal_expert_and_pro-face_blue
 
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.2021-01-26not yet calculatedCVE-2020-28221
MISC
ecostruxure -- power_buildA CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.2021-01-26not yet calculatedCVE-2021-22698
MISC
ecostruxure -- power_build
 
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.2021-01-26not yet calculatedCVE-2021-22697
MISC
egavilan -- media_crud_operation
 
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.2021-01-28not yet calculatedCVE-2020-36115
MISC
egavilanmedia -- user_registration_and_login_system
 
EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.2021-01-26not yet calculatedCVE-2020-35263
MISC
electron -- electron
 
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.2021-01-28not yet calculatedCVE-2020-26272
MISC
MISC
MISC
CONFIRM
MISC
eset -- multiple_products
 
A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower.2021-01-26not yet calculatedCVE-2020-26941
MISC
eventio -- eventio
 
An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.2021-01-26not yet calculatedCVE-2020-36216
MISC
fil-ocl -- fil-ocl
 
An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free.2021-01-26not yet calculatedCVE-2021-25908
MISC
flarum -- flarum
 
Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through the m.trust() helper. This resulted in an HTML injection where <script> tags would not be executed. However it was possible to run javascript from other HTML attributes, enabling a cross-site scripting (XSS) attack to be performed. Since the exploit only happens with the first post of a pinned discussion, an attacker would need the ability to pin their own discussion, or be able to edit a discussion that was previously pinned. On forums where all pinned posts are authored by your staff, you can be relatively certain the vulnerability has not been exploited. Forums where some user-created discussions were pinned can look at the first post edit date to find whether the vulnerability might have been exploited. Because Flarum doesn't store the post content history, you cannot be certain if a malicious edit was reverted. The fix will be available in version v0.1.0-beta.16 with Flarum beta 16. The fix has already been back-ported to Flarum beta 15 as version v0.1.0-beta.15.1 of the Sticky extension. Forum administrators can disable the Sticky extension until they are able to apply the update. The vulnerability cannot be exploited while the extension is disabled.2021-01-26not yet calculatedCVE-2021-21283
MISC
MISC
MISC
CONFIRM
foris -- foris
 
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.2021-01-29not yet calculatedCVE-2021-3346
MISC
MISC
MISC
ftpd -- ftpd
 
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.2021-01-26not yet calculatedCVE-2013-2512
MISC
geeni -- gnc-cw013
 
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password.2021-01-26not yet calculatedCVE-2020-28998
MISC
MISC
geeni -- gnc-cw013
 
An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library (libhipcam.so) used to provide the streaming camera service.2021-01-26not yet calculatedCVE-2020-28999
MISC
MISC
geeni -- gnc-cw013
 
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system.2021-01-26not yet calculatedCVE-2020-29000
MISC
MISC
geeni -- mulitple_products
 
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application.2021-01-26not yet calculatedCVE-2020-29001
MISC
MISC
gfwx -- gfwx
 
An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.2021-01-26not yet calculatedCVE-2020-36211
MISC
glsl-layout -- glsl-layout
 
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.2021-01-26not yet calculatedCVE-2021-25902
MISC
gnu -- c_library
 
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.2021-01-27not yet calculatedCVE-2021-3326
MLIST
MISC
MISC
go -- goGo before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).2021-01-26not yet calculatedCVE-2021-3115
CONFIRM
CONFIRM
go -- go
 
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.2021-01-26not yet calculatedCVE-2021-3114
CONFIRM
CONFIRM
godaddy -- godaddy
 
** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.2021-01-27not yet calculatedCVE-2021-26276
MISC
google -- android
 
In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible way to access contacts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1387913582021-01-26not yet calculatedCVE-2020-27098
MISC
google -- android
 
In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1407294262021-01-26not yet calculatedCVE-2020-27097
MISC
gstreamer -- h264
 
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.2021-01-26not yet calculatedCVE-2021-3185
MISC
hackolade -- hackolade
 
An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges during an uninstall of the application.2021-01-26not yet calculatedCVE-2020-25737
MISC
hashconsing -- hashconsing
 
An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.2021-01-26not yet calculatedCVE-2020-36215
MISC
hedgedoc -- hedgedoc
 
HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.2. ### Workarounds Disallow loading JavaScript from 3rd party sites using the `Content-Security-Policy` header. Note that this will break some embedded content. ### References This issue was discovered by @TobiasHoll and reported to hackmdio/codimd: https://github.com/hackmdio/codimd/issues/1648 ### For more information If you have any questions or comments about this advisory: * Open an topic on our community forum * Join our matrix room2021-01-22not yet calculatedCVE-2021-21259
MISC
MISC
CONFIRM
hewlett_packard -- multiple_products
 
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice addlicense_func function.2021-01-29not yet calculatedCVE-2021-25123
MISC
hitachi -- vantara_pentahoThe New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.2021-01-29not yet calculatedCVE-2020-24669
MISC
MISC
hitachi -- vantara_pentahoThe Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.2021-01-29not yet calculatedCVE-2020-24670
MISC
MISC
hitachi -- vantara_pentaho
 
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA2021-01-29not yet calculatedCVE-2020-24665
MISC
MISC
hitachi -- vantara_pentaho
 
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.12021-01-29not yet calculatedCVE-2020-24666
MISC
MISC
hitachi -- vantara_pentaho
 
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.2021-01-29not yet calculatedCVE-2020-24664
MISC
MISC
home_assistant -- home_assistant
 
** DISPUTED ** Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation.2021-01-26not yet calculatedCVE-2021-3152
CONFIRM
MISC
htcondor -- condor_credd
 
condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.2021-01-27not yet calculatedCVE-2021-25311
MISC
htcondor -- htcondorHTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.2021-01-27not yet calculatedCVE-2021-25312
MISC
ibm -- infosphere_information_server
 
** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2021-01-26not yet calculatedCVE-2020-27583
MISC
ibm -- mq
 
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.2021-01-28not yet calculatedCVE-2020-4682
XF
CONFIRM
ibm -- qradar_siemIBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.2021-01-28not yet calculatedCVE-2020-4888
XF
CONFIRM
ibm -- qradar_siem
 
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.2021-01-27not yet calculatedCVE-2020-4787
XF
CONFIRM
ibm -- qradar_siem
 
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302.2021-01-27not yet calculatedCVE-2020-4789
XF
CONFIRM
ibm -- qradar_siem
 
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.2021-01-27not yet calculatedCVE-2020-4786
XF
CONFIRM
ide_atapi_cmd_reply_end -- ide_atapi_cmd_reply_end
 
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.2021-01-26not yet calculatedCVE-2020-29443
MISC
MISC
im -- im
 
An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.2021-01-26not yet calculatedCVE-2020-36204
MISC
iniparserjs -- iniparserjs
 
This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.2021-01-29not yet calculatedCVE-2021-23328
MISC
MISC
istio_pilot -- istio_pilot
 
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).2021-01-29not yet calculatedCVE-2019-25014
MISC
MISC
jenkins -- jenkins
 
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.2021-01-26not yet calculatedCVE-2021-21615
MLIST
CONFIRM
jp2_ decode -- jp2_decode
 
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.2021-01-27not yet calculatedCVE-2021-3272
MISC
jxbrowser -- ti_code_composer_studio_ide
 
jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.2021-01-26not yet calculatedCVE-2021-3285
MISC
klog -- klog_server
 
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.2021-01-26not yet calculatedCVE-2021-3317
MISC
late-static -- late-static
 
An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.2021-01-26not yet calculatedCVE-2020-36209
MISC
lazy-init -- lazy-init
 
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.2021-01-26not yet calculatedCVE-2021-25901
MISC
libgcrypt -- libgcrypt
 
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 has a heap-based buffer overflow when the digest final function sets a large count value.2021-01-29not yet calculatedCVE-2021-3345
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service.2021-01-26not yet calculatedCVE-2020-35513
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.2021-01-29not yet calculatedCVE-2021-3347
MLIST
MLIST
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
local_service -- search_engine_management
 
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page.2021-01-26not yet calculatedCVE-2021-3278
MISC
MISC
logstorage -- logstorage
 
Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.2021-01-28not yet calculatedCVE-2020-5626
MISC
MISC
m&m_software -- fdtcontainer_component
 
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.2021-01-22not yet calculatedCVE-2020-12525
CONFIRM
MISC
madcodehook -- madcodehook
 
A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.2021-01-30not yet calculatedCVE-2020-14418
MISC
MISC
marc_crate -- marc_crate
 
An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.2021-01-29not yet calculatedCVE-2021-26308
MISC
matrikon -- opc_ua_tunneller
 
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).2021-01-26not yet calculatedCVE-2020-27297
MISC
matrikon -- opc_ua_tunneller
 
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).2021-01-26not yet calculatedCVE-2020-27299
MISC
matrikon -- opc_ua_tunneller
 
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).2021-01-26not yet calculatedCVE-2020-27295
MISC
matrikon -- opc_ua_tunneller
 
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).2021-01-26not yet calculatedCVE-2020-27274
MISC
mautic -- mautic
 
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.2021-01-28not yet calculatedCVE-2020-35124
MISC
MISC
MISC
MISC
may_queue -- may_queue
 
An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur.2021-01-26not yet calculatedCVE-2020-36217
MISC
mediawiki -- mediawiki
 
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.2021-01-29not yet calculatedCVE-2020-29004
MISC
CONFIRM
MISC
mediawiki -- mediawiki
 
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.2021-01-29not yet calculatedCVE-2020-29005
MISC
MISC
melfa -- fr_series_controllers
 
Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.2021-01-29not yet calculatedCVE-2021-20586
MISC
micrium -- uchttp
 
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.2021-01-26not yet calculatedCVE-2020-13582
MISC
microsoft -- windows
 
Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.2021-01-26not yet calculatedCVE-2021-22159
MISC
MISC
mitel -- businesscti_enterprise_client_for_windows
 
The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data.2021-01-29not yet calculatedCVE-2021-3176
MISC
CONFIRM
mitel -- micollab
 
A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.2021-01-29not yet calculatedCVE-2020-35547
MISC
CONFIRM
monitorix -- monitorix
 
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.2021-01-27not yet calculatedCVE-2021-3325
MISC
MISC
MISC
CONFIRM
moodle -- moodleIt was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.2021-01-28not yet calculatedCVE-2021-20184
MISC
moodle -- moodleIt was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.2021-01-28not yet calculatedCVE-2021-20187
MISC
moodle -- moodle
 
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.2021-01-28not yet calculatedCVE-2021-20183
MISC
moodle -- moodle
 
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.2021-01-28not yet calculatedCVE-2021-20185
MISC
moodle -- moodle
 
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.2021-01-28not yet calculatedCVE-2021-20186
MISC
multiqueue2 -- multiqueue2
 
An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur.2021-01-26not yet calculatedCVE-2020-36214
MISC
mybb -- mybb
 
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.2021-01-28not yet calculatedCVE-2021-3337
MISC
MISC
nagios -- docker_config_wizard
 
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.2021-01-26not yet calculatedCVE-2021-3193
MISC
newbee-mall -- newbee-mall
 
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.2021-01-26not yet calculatedCVE-2020-23449
MISC
newbee-mall -- newbee-mall
 
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.2021-01-26not yet calculatedCVE-2020-23448
MISC
nextcloud -- nextcloud_server
 
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.2021-01-26not yet calculatedCVE-2020-8293
MISC
MISC
nextcloud -- nextcloud_server
 
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.2021-01-26not yet calculatedCVE-2020-8295
MISC
MISC
nibbleblog -- nibbleblog
 
dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.2021-01-27not yet calculatedCVE-2020-23356
MISC
nim -- nim
 
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.2021-01-30not yet calculatedCVE-2020-15690
MISC
CONFIRM
node-red-contrib-huemagic -- node-red-contrib-huemagic
 
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.2021-01-26not yet calculatedCVE-2021-25864
MISC
nutch -- dmozparser
 
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.2021-01-25not yet calculatedCVE-2021-23901
CONFIRM
CONFIRM
MLIST
MLIST
nvidia -- multiple_products
 
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.2021-01-26not yet calculatedCVE-2021-1071
CONFIRM
nvidia -- multiple_products
 
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.2021-01-26not yet calculatedCVE-2021-1070
CONFIRM
octopusdsc -- octopusdsc
 
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.2021-01-22not yet calculatedCVE-2021-21270
MISC
MISC
MISC
CONFIRM
oncommand -- unified_manager_core_package
 
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).2021-01-28not yet calculatedCVE-2020-8585
MISC
CONFIRM
online_news_portal -- online_news_portal
 
Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter.2021-01-26not yet calculatedCVE-2020-29241
MISC
onlyoffice -- document_server
 
Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.2021-01-26not yet calculatedCVE-2021-3199
MISC
CONFIRM
open5gs -- open5gs
 
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.2021-01-26not yet calculatedCVE-2021-25863
MISC
openemr -- openemr
 
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.2021-01-28not yet calculatedCVE-2020-13569
MISC
openjpeg2 -- openjpeg2
 
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.2021-01-26not yet calculatedCVE-2020-27814
MISC
MISC
GENTOO
openmaint -- openmaint
 
openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server.2021-01-26not yet calculatedCVE-2020-24549
MISC
MISC
opensolution -- quick
 
OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.2021-01-28not yet calculatedCVE-2020-35754
MISC
MISC
CONFIRM
MISC
oras -- oras
 
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`. Users of the affected versions are impacted if they are `oras` CLI users who runs `oras pull`, or if they are Go programs, which invoke `github.com/deislabs/oras/pkg/content.FileStore`. The problem has been fixed in version 0.9.0. For `oras` CLI users, there is no workarounds other than pulling from a trusted artifact provider. For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider.2021-01-25not yet calculatedCVE-2021-21272
MISC
MISC
CONFIRM
MISC
oscommerce -- oscommerce
 
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php2021-01-27not yet calculatedCVE-2020-23360
MISC
persis -- human_resouce_management_portal
 
The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the "Recommend job posting" function is enabled, allows XSS via the SENDER parameter.2021-01-26not yet calculatedCVE-2020-35753
MISC
philips -- interventional_workspot
 
Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.2021-01-26not yet calculatedCVE-2020-27298
MISC
phplist -- phplist
 
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.2021-01-26not yet calculatedCVE-2021-3188
MISC
phplist -- phplist
 
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.2021-01-27not yet calculatedCVE-2020-23361
MISC
projectsend -- projectsend
 
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).2021-01-26not yet calculatedCVE-2020-28874
MISC
CONFIRM
MISC
CONFIRM
MISC
pyrescom -- termod4_time_management_devices
 
Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.2021-01-26not yet calculatedCVE-2020-23161
MISC
MISC
pyrescom -- termod4_time_management_devices
 
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.2021-01-26not yet calculatedCVE-2020-23162
MISC
MISC
qdocs -- smart_hospital_management_system
 
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.2021-01-26not yet calculatedCVE-2020-36011
MISC
MISC
qemu -- qemu
 
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.2021-01-28not yet calculatedCVE-2020-35517
MISC
MISC
MISC
MISC
qemu -- sdhci_devices
 
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.2021-01-30not yet calculatedCVE-2020-17380
CONFIRM
CONFIRM
raw-cpuid_crate -- raw-cpuid_crate
 
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.2021-01-29not yet calculatedCVE-2021-26306
MISC
raw-cpuid_crate -- raw-cpuid_crate
 
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.2021-01-29not yet calculatedCVE-2021-26307
MISC
redhat -- keycloak
 
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.2021-01-28not yet calculatedCVE-2020-1725
MISC
MISC
redhat -- keycloak
 
The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Aplication Platform 4 are believed to be vulnerable.2021-01-28not yet calculatedCVE-2020-1723
MISC
reffers -- reffers
 
An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.2021-01-26not yet calculatedCVE-2020-36203
MISC
revive -- adserver
 
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.2021-01-26not yet calculatedCVE-2021-22871
MISC
FULLDISC
MISC
MISC
MISC
MISC
revive -- adserver
 
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.2021-01-26not yet calculatedCVE-2021-22872
MISC
FULLDISC
MISC
MISC
MISC
MISC
revive -- adserver
 
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.2021-01-26not yet calculatedCVE-2021-22873
MISC
FULLDISC
MISC
MISC
MISC
riolink -- p2p_products
 
The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.2021-01-26not yet calculatedCVE-2020-25169
MISC
riolink -- p2p_products
 
An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access2021-01-26not yet calculatedCVE-2020-25173
MISC
rocket.chat -- rocket.chat
 
The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.2021-01-26not yet calculatedCVE-2020-8288
MISC
MISC
MISC
rostelecom -- cs-c2shwDenial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and started again later.2021-01-26not yet calculatedCVE-2020-27541
MISC
rostelecom -- cs-c2shw
 
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code (including network settings). The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command (without any escaping). So bash injection is possible. Camera doesn't parse QR codes if it's already successfully configured. Camera is always rebooted after successful configuration via QR code.2021-01-26not yet calculatedCVE-2020-27542
MISC
rostelecom -- cs-c2shw
 
Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card.2021-01-26not yet calculatedCVE-2020-27540
MISC
rostelecom -- cs-c2shw
 
Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerable code is unreachable and one more bug required to reach it.2021-01-26not yet calculatedCVE-2020-27539
MISC
rsshub -- rsshubRSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues The fix in version 7f1c430 is to temporarily remove the problematic route and added a `no-new-func` rule to eslint.2021-01-26not yet calculatedCVE-2021-21278
MISC
CONFIRM
MISC
rusb -- rusb
 
An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur.2021-01-26not yet calculatedCVE-2020-36206
MISC
sagemcom -- f@st_3686_v2_3.495_devices
 
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.2021-01-26not yet calculatedCVE-2021-3304
MISC
sangoma -- asterisk
 
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.2021-01-29not yet calculatedCVE-2020-35652
CONFIRM
CONFIRM
MISC
MISC
smallvec -- smallvec
 
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.2021-01-26not yet calculatedCVE-2021-25900
MISC
smartagent -- smartagent
 
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.2021-01-26not yet calculatedCVE-2021-3165
MISC
MISC
MISC
spring_cloud -- data_flow
 
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.2021-01-27not yet calculatedCVE-2020-5427
CONFIRM
spring_cloud -- task
 
In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.2021-01-27not yet calculatedCVE-2020-5428
CONFIRM
student_result_management_system -- student_result_management_system
 
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can able to access of Admin Panel and manage every account of Result.2021-01-26not yet calculatedCVE-2020-35270
MISC
MISC
sudo -- sudo
 
Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.2021-01-26not yet calculatedCVE-2021-3156
MISC
MLIST
MLIST
MLIST
FEDORA
FEDORA
GENTOO
CONFIRM
CONFIRM
CISCO
DEBIAN
MISC
CONFIRM
tenda -- ac5_ac1200
 
A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.2021-01-26not yet calculatedCVE-2021-3186
MISC
MISC
tendermint -- tendermint_core
 
Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies on the timestamp of the last commit from this specific block.) In Tendermint Core v0.34.0-v0.34.2, the consensus reactor is responsible for forming DuplicateVoteEvidence whenever double signs are observed. However, the current block is still “in flight” when it is being formed by the consensus reactor. It hasn’t been finalized through network consensus yet. This means that different nodes in the network may observe different “last commits” when assigning a timestamp to DuplicateVoteEvidence. In turn, different nodes could form DuplicateVoteEvidence objects at the same height but with different timestamps. One DuplicateVoteEvidence object (with one timestamp) will then eventually get finalized in the block, but this means that any DuplicateVoteEvidence with a different timestamp is considered invalid. Any node that formed invalid DuplicateVoteEvidence will continue to propose invalid evidence; its peers may see this, and choose to disconnect from this node. This bug means that double signs are DoS vectors in Tendermint Core v0.34.0-v0.34.2. Tendermint Core v0.34.3 is a security release which fixes this bug. As of v0.34.3, DuplicateVoteEvidence is no longer formed by the consensus reactor; rather, the consensus reactor passes the Votes themselves into the EvidencePool, which is now responsible for forming DuplicateVoteEvidence. The EvidencePool has timestamp info that should be consistent across the network, which means that DuplicateVoteEvidence formed in this reactor should have consistent timestamps. This release changes the API between the consensus and evidence reactors.2021-01-26not yet calculatedCVE-2021-21271
MISC
MISC
CONFIRM
terramaster -- terramaster_tos
 
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.2021-01-30not yet calculatedCVE-2020-15568
MISC
MISC
textpattern -- textpattern
 
Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.2021-01-26not yet calculatedCVE-2020-35854
MISC
MISC
MISC
tibco -- bpm_enterprise_and_bpm_enterprise_distribution
 
The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.2021-01-26not yet calculatedCVE-2021-23272
CONFIRM
tinycheck -- tinycheckTinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.2021-01-26not yet calculatedCVE-2020-36200
MISC
tinycheck -- tinycheck
 
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.2021-01-26not yet calculatedCVE-2020-36199
MISC
tm_mobile_solutions -- testes_de_codigo
 
Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application.2021-01-28not yet calculatedCVE-2021-25647
MISC
tp-link -- tl-wr841N_v13
 
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.2021-01-26not yet calculatedCVE-2020-35576
MISC
MISC
trendmicro -- serverprotect
 
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2021-01-27not yet calculatedCVE-2021-25225
N/A
N/A
trendmicro -- serverprotect
 
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2021-01-27not yet calculatedCVE-2021-25224
N/A
N/A
trendmicro -- serverprotect
 
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2021-01-27not yet calculatedCVE-2021-25226
N/A
N/A
trendmirco -- housecall_for_home_networks
 
A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability.2021-01-27not yet calculatedCVE-2021-25247
N/A
va-ts -- va-ts
 
An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur.2021-01-26not yet calculatedCVE-2020-36220
MISC
vis-timeline -- vis-timeline
 
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.2021-01-22not yet calculatedCVE-2020-28487
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
webid -- webid
 
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.2021-01-27not yet calculatedCVE-2020-23359
MISC
wekan -- wekan
 
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,2021-01-26not yet calculatedCVE-2021-3309
MISC
MISC
MISC
wing_ftp -- wing_ftp
 
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.2021-01-26not yet calculatedCVE-2020-27735
MISC
MISC
winmail -- winmail
 
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.2021-01-26not yet calculatedCVE-2020-23776
MISC
winmail -- winmail
 
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.2021-01-26not yet calculatedCVE-2020-23774
MISC
winscp -- winscp
 
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)2021-01-27not yet calculatedCVE-2021-3331
MISC
MISC
MISC
MISC
wolfssl -- tls13.c
 
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).2021-01-29not yet calculatedCVE-2021-3336
MISC
xcb -- xcb
 
An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.2021-01-26not yet calculatedCVE-2020-36205
MISC
xen -- xen
 
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.2021-01-26not yet calculatedCVE-2021-3308
MLIST
MISC
FEDORA
xerox -- workcentre_products
 
An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.2021-01-26not yet calculatedCVE-2020-36201
MISC
yale -- wipc-303w_cameras
 
** DISPUTED ** The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176 .2021-01-26not yet calculatedCVE-2020-23826
MISC
z-blogphp -- valyria
 
Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.2021-01-27not yet calculatedCVE-2020-23352
MISC
zen -- cart
 
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.2021-01-26not yet calculatedCVE-2021-3291
MISC
ziv_automation -- 4cct-ea6-334126bf
 
Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.2021-01-29not yet calculatedCVE-2021-25910
CONFIRM
ziv_automation -- 4cct-ea6-334126bf
 
ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919.2021-01-29not yet calculatedCVE-2021-25909
CONFIRM
zte -- multiple_products
 
Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.2021-01-26not yet calculatedCVE-2021-21723
MISC
zyxel -- nbg2105
 
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.2021-01-26not yet calculatedCVE-2021-3297
MISC
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.