Vulnerability Summary for the Week of February 15, 2021

Released
Feb 22, 2021
Document ID
SB21-053

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
accellion -- ftaAccellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.2021-02-167.2CVE-2021-27102
MISC
MISC
accellion -- ftaAccellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.2021-02-1610CVE-2021-27104
MISC
MISC
accellion -- ftaAccellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.2021-02-167.5CVE-2021-27103
MISC
MISC
accellion -- ftaAccellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.2021-02-167.5CVE-2021-27101
MISC
MISC
advantech -- webaccess\/scadaAn exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.2021-02-177.2CVE-2020-13555
MISC
advantech -- webaccess\/scadaAn exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.2021-02-177.2CVE-2020-13553
MISC
advantech -- webaccess\/scadaAn exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.2021-02-177.2CVE-2020-13552
MISC
advantech -- webaccess\/scadaAn exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.2021-02-177.2CVE-2020-13551
MISC
citsmart -- citsmartCITSmart before 9.1.2.23 allows LDAP Injection.2021-02-157.5CVE-2020-35775
MISC
CONFIRM
MISC
MISC
dlink -- dap-1860_firmwareThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the Authorization request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10880.2021-02-128.3CVE-2020-27864
MISC
MISC
dlink -- dap-1860_firmwareThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894.2021-02-128.3CVE-2020-27865
MISC
MISC
elecom -- wrc-300febk-s_firmwareELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.2021-02-127.7CVE-2021-20648
MISC
MISC
iptime -- c200_firmwareThe EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.2021-02-177.7CVE-2020-7848
MISC
limesurvey -- limesurveyLimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.2021-02-147.5CVE-2019-25019
MISC
MISC
logitec -- lan-w300n\/pgrb_firmwareBuffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.2021-02-127.7CVE-2021-20640
MISC
MISC
logitec -- lan-w300n\/pgrb_firmwareLOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.2021-02-127.7CVE-2021-20639
MISC
MISC
logitec -- lan-w300n\/pgrb_firmwareLOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.2021-02-127.7CVE-2021-20638
MISC
MISC
microfocus -- operations_bridge_managerArbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server.2021-02-1210CVE-2021-22504
MISC
nagios -- nagios_xiNagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.2021-02-159CVE-2021-25298
MISC
MISC
MISC
nagios -- nagios_xiNagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.2021-02-159CVE-2021-25297
MISC
MISC
MISC
nagios -- nagios_xiNagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.2021-02-159CVE-2021-25296
MISC
MISC
MISC
netgear -- ac2100_firmwareThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 firmware version 1.2.0.62_1.0.1 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.2021-02-127.7CVE-2020-27867
MISC
MISC
netgear -- ac2100_firmwareThis vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 firmware version 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.2021-02-128.3CVE-2020-27866
MISC
MISC
netgear -- cbk40_firmwareThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.2021-02-128.3CVE-2020-27861
MISC
MISC
pelco -- digital_sentry_serverDSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with "OBJECT classid=" and "<SCRIPT language='vbscript'>") to overwrite arbitrary files.2021-02-128.8CVE-2021-27197
MISC
MISC
pystemon_project -- pystemonconfig.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.2021-02-147.5CVE-2021-27213
MISC
MISC
qognify -- ocularisThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-11257.2021-02-1210CVE-2020-27868
MISC
MISC
racom -- m\!dge_cellular_router_firmwareRacom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.2021-02-167.2CVE-2021-20075
MISC
sdg -- pnpscadaPNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.2021-02-167.5CVE-2020-24841
MISC
MISC
solarwinds -- network_performance_monitorThis vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804.2021-02-129CVE-2020-27869
MISC
zscaler -- client_connectorThe Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.2021-02-167.2CVE-2020-11635
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
advantech -- webaccess\/scadaA local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.2021-02-174CVE-2020-13550
MISC
apache -- thriftIn Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.2021-02-125CVE-2020-13949
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
atlassian -- data_centerAffected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0.2021-02-155CVE-2020-36237
MISC
atlassian -- data_centerAffected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1.2021-02-154CVE-2020-29451
MISC
atlassian -- jiraAffected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1.2021-02-155CVE-2020-36235
MISC
atlassian -- jiraAffected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.2021-02-154.3CVE-2020-36236
MISC
changjia_property_management_system_project -- changjia_property_management_systemThe CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.2021-02-175CVE-2021-22856
CONFIRM
MISC
changjia_property_management_system_project -- changjia_property_management_systemThe CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily.2021-02-175CVE-2021-22857
CONFIRM
MISC
deepnetsecurity -- dualshieldDualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an "unknown username" error message.2021-02-165CVE-2020-28918
MISC
MISC
dlink -- dva-2800_firmwareThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. When parsing the path parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-10911.2021-02-125.8CVE-2020-27862
MISC
MISC
elecom -- file_managerDirectory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.2021-02-126.4CVE-2021-20651
MISC
MISC
elecom -- ld-ps\/u1_firmwareImproper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.2021-02-125CVE-2021-20643
MISC
MISC
elecom -- ncc-ewf100rmwh2_firmwareCross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.2021-02-124.3CVE-2021-20650
MISC
MISC
elecom -- wrc-1467ghbk-a_firmwareELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.2021-02-124.3CVE-2021-20644
MISC
MISC
elecom -- wrc-300febk-a_firmwareCross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.2021-02-124.3CVE-2021-20645
MISC
MISC
elecom -- wrc-300febk-a_firmwareCross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.2021-02-124.3CVE-2021-20646
MISC
MISC
elecom -- wrc-300febk-s_firmwareELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.2021-02-125.8CVE-2021-20649
MISC
MISC
elecom -- wrc-300febk-s_firmwareCross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.2021-02-124.3CVE-2021-20647
MISC
MISC
f5 -- access_policy_manager_clientsIn Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-126.9CVE-2021-22980
MISC
f5 -- big-ip_access_policy_managerOn BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-124.3CVE-2021-22979
MISC
f5 -- big-ip_access_policy_managerOn BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-124.3CVE-2021-22975
MISC
f5 -- big-ip_access_policy_managerOn BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-126CVE-2021-22974
MISC
f5 -- big-ip_access_policy_managerOn all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-125.8CVE-2021-22981
MISC
f5 -- big-ip_access_policy_managerOn BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-125CVE-2021-22977
MISC
f5 -- big-ip_access_policy_managerOn BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-125CVE-2021-22973
MISC
f5 -- big-ip_advanced_web_application_firewallOn BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-125CVE-2021-22976
MISC
f5 -- big-ip_advanced_web_application_firewallOn BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-125.8CVE-2021-22984
MISC
f5 -- big-ip_domain_name_systemOn BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-126.5CVE-2021-22982
MISC
foxitsoftware -- foxit_readerThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11727.2021-02-126.8CVE-2020-27860
MISC
MISC
horde -- groupwareAn XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.2021-02-144.3CVE-2021-26929
MISC
MLIST
CONFIRM
MISC
MISC
ibm -- spectrum_protect_operations_centerIBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.2021-02-155.2CVE-2020-4955
XF
CONFIRM
ibm -- spectrum_protect_operations_centerIBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.2021-02-154.8CVE-2020-4954
XF
CONFIRM
logitec -- lan-w300n\/pr5b_firmwareCross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.2021-02-124.3CVE-2021-20636
MISC
MISC
logitec -- lan-w300n\/pr5b_firmwareImproper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.2021-02-124.3CVE-2021-20637
MISC
MISC
logitec -- lan-w300n\/rs_firmwareCross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.2021-02-124.3CVE-2021-20641
MISC
MISC
logitec -- lan-w300n\/rs_firmwareImproper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.2021-02-124.3CVE-2021-20642
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.2021-02-164CVE-2020-35568
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php.2021-02-165.8CVE-2020-35560
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.2021-02-165CVE-2020-35565
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.2021-02-165CVE-2020-35564
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.2021-02-164CVE-2020-35559
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in thein the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.2021-02-165CVE-2020-35558
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.2021-02-165CVE-2020-35570
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.2021-02-164.3CVE-2020-35569
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.2021-02-165CVE-2020-35561
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.2021-02-164.6CVE-2020-35567
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.2. Inproper use of access validation allows a logged in user to see devices in the account he should not have access to.2021-02-164CVE-2020-35557
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An attacker can read arbitrary JSON files via Local File Inclusion.2021-02-165CVE-2020-35566
MISC
MISC
nagios -- nagios_xiNagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.2021-02-154.3CVE-2021-25299
MISC
MISC
MISC
online_book_store_project -- online_book_storeThe id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.2021-02-175CVE-2020-36003
MISC
MISC
MISC
open-emr -- openemrA SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.2021-02-156.5CVE-2020-29142
MISC
MISC
MISC
MISC
MISC
openzfs -- openzfsAn issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.2021-02-125CVE-2013-20001
MISC
MISC
php -- phpIn PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.2021-02-155CVE-2021-21702
CONFIRM
DEBIAN
php -- phpIn PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.2021-02-155CVE-2020-7071
CONFIRM
DEBIAN
seat-reservation-system_project -- seat-reservation-systemSeat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id and file parameters where attackers can obtain sensitive database information.2021-02-175CVE-2020-36002
MISC
MISC
MISC
secomea -- sitemanager_embeddedA vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. This issue affects all versions and variants of SM-E prior to version 9.32021-02-164.3CVE-2020-29025
MISC
tp-link -- archer_c5v_firmwareTP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.2021-02-134CVE-2021-27210
MISC
xn--b1agzlht -- fx_aggregator_terminal_clientThe Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account.2021-02-125CVE-2021-27188
MISC
MISC
xn--b1agzlht -- fx_aggregator_terminal_clientThe Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked.2021-02-125CVE-2021-27187
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
atlassian -- data_centerAffected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.2021-02-153.5CVE-2020-36234
N/A
blackcat-cms -- blackcat_cmsThe admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.2021-02-163.5CVE-2021-27237
MISC
MISC
MISC
dlink -- dva-2800_firmwareThis vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10912.2021-02-123.3CVE-2020-27863
MISC
MISC
f5 -- big-ip_access_policy_managerOn BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-122.6CVE-2021-22978
MISC
f5 -- big-ip_advanced_firewall_managerOn BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.2021-02-123.5CVE-2021-22983
MISC
ibm -- maximo_for_civil_infrastructureIBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622.2021-02-183.5CVE-2021-20446
XF
CONFIRM
ibm -- spectrum_protect_operations_centerIBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.2021-02-152.3CVE-2020-4956
XF
CONFIRM
logitec -- lan-wh450n\/gr_firmwareImproper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.2021-02-123.3CVE-2021-20635
MISC
MISC
mbconnectline -- mbconnect24An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.2021-02-163.5CVE-2020-35563
MISC
MISC
nfstream -- nfstreamAn issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).2021-02-162.1CVE-2020-25340
MISC
peel -- peel_shoppingA Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 which is publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc.2021-02-123.5CVE-2021-27190
MISC
MISC
MISC
racom -- m\!dge_cellular_router_firmwareRacom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs.2021-02-163.5CVE-2021-20071
MISC
racom -- m\!dge_cellular_router_firmwareRacom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs.2021-02-163.5CVE-2021-20070
MISC
racom -- m\!dge_cellular_router_firmwareRacom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs.2021-02-163.5CVE-2021-20069
MISC
racom -- m\!dge_cellular_router_firmwareRacom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages.2021-02-163.5CVE-2021-20068
MISC
secomea -- sitemanager_1129_firmwareCross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3.2021-02-163.5CVE-2020-29027
MISC
tp-link -- archer_c5v_firmwareIn the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.2021-02-133.6CVE-2021-27209
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
74cms -- 74cms
 
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.2021-02-17not yet calculatedCVE-2020-35339
MISC
MISC
activepresenter -- activepresenter
 
ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution.2021-02-15not yet calculatedCVE-2021-3375
MISC
agora -- video_sdk
 
Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic.2021-02-17not yet calculatedCVE-2020-25605
MISC
MISC
alfresco_enterprise -- content_management
 
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.2021-02-19not yet calculatedCVE-2020-12873
MISC
MISC
amaze -- file_manager
 
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.2021-02-19not yet calculatedCVE-2020-36246
MISC
MISC
apache -- airflow
 
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.2021-02-17not yet calculatedCVE-2021-26697
MLIST
MLIST
MISC
MLIST
MLIST
apache -- airflow
 
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.2021-02-17not yet calculatedCVE-2021-26559
MLIST
MISC
MLIST
apache -- myfaces
 
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.2021-02-19not yet calculatedCVE-2021-26296
FULLDISC
MISC
askey -- multiple_devices
 
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.2021-02-19not yet calculatedCVE-2021-27403
MISC
askey -- multiple_devices
 
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.2021-02-19not yet calculatedCVE-2021-27404
MISC
async-git -- async-git
 
The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')2021-02-18not yet calculatedCVE-2020-28490
MISC
MISC
MISC
atlassian -- bitbucket_server_and_data_center
 
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.2021-02-18not yet calculatedCVE-2020-36233
MISC
CERT-VN
baby_care_system -- baby_care_system
 
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.2021-02-17not yet calculatedCVE-2021-25779
MISC
baby_care_system -- baby_care_system
 
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.2021-02-17not yet calculatedCVE-2021-25780
MISC
batflat -- batlfat
 
** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2021-02-15not yet calculatedCVE-2020-35734
MISC
MISC
MISC
MISC
bind -- multiple_products
 
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch2021-02-17not yet calculatedCVE-2020-8625
MLIST
MLIST
CONFIRM
MLIST
DEBIAN
bloodhound -- bloodhound
 
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.2021-02-19not yet calculatedCVE-2021-3210
MISC
MISC
MISC
bolt -- bolt
 
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.2021-02-17not yet calculatedCVE-2021-27367
MISC
MISC
canary_mail -- canary_mail
 
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.2021-02-17not yet calculatedCVE-2021-26911
MLIST
MISC
MISC
MISC
CONFIRM
MISC
casap -- automated_enrollment_system
 
The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.2021-02-15not yet calculatedCVE-2021-26201
MISC
centreon -- 19.10-e17
 
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.2021-02-15not yet calculatedCVE-2020-22425
MISC
MISC
chamilo -- chamilo
 
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.2021-02-19not yet calculatedCVE-2021-26746
CONFIRM
MISC
MISC
checkmk -- checkmk
 
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.2021-02-19not yet calculatedCVE-2020-24908
MISC
cisco -- anyconnect_secure_mobilty_client
 
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.2021-02-17not yet calculatedCVE-2021-1366
CISCO
cisco -- csdj
 
Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors.2021-02-17not yet calculatedCVE-2021-20653
MISC
MISC
cisco -- identity_services_engineMultiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.2021-02-17not yet calculatedCVE-2021-1416
CISCO
cisco -- identity_services_engine
 
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.2021-02-17not yet calculatedCVE-2021-1412
CISCO
cisco -- starosA vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device.2021-02-17not yet calculatedCVE-2021-1378
CISCO
cisco -- webex_meetings
 
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2021-02-17not yet calculatedCVE-2021-1351
CISCO
cisco -- webex_meetings_desktop_app_and_webex_productivity_tools
 
A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.2021-02-17not yet calculatedCVE-2021-1372
CISCO
com.typesafe.akka:akka-http-core -- com.typesafe.akka:akka-http-core
 
This affects all versions of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.2021-02-17not yet calculatedCVE-2021-23339
MISC
MISC
d-bus -- d-bus
 
A use-after-free flaw was found in D-Bus 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors2021-02-15not yet calculatedCVE-2020-35512
MISC
das -- u-boot
 
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.2021-02-17not yet calculatedCVE-2021-27138
MISC
MISC
MISC
das -- u-boot
 
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.2021-02-17not yet calculatedCVE-2021-27097
MISC
MISC
MISC
debian -- avahi_package
 
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.2021-02-17not yet calculatedCVE-2021-26720
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
dekart -- private_disk
 
In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing.2021-02-16not yet calculatedCVE-2021-27203
MISC
MISC
dell -- emc_avamar_server
 
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.2021-02-15not yet calculatedCVE-2021-21511
CONFIRM
dell -- emc_powerprotect_cyber_recovery
 
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account.2021-02-19not yet calculatedCVE-2021-21512
MISC
digi -- connectport_x2e
 
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.2021-02-18not yet calculatedCVE-2020-12878
MISC
MISC
MISC
digium -- asterisk
 
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.2021-02-18not yet calculatedCVE-2021-26906
MISC
FULLDISC
MISC
CONFIRM
CONFIRM
dji -- mavic_2_remote_controller
 
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.2021-02-18not yet calculatedCVE-2020-29664
MISC
MISC
MISC
MISC
docsify -- docsify
 
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters2021-02-19not yet calculatedCVE-2021-23342
FULLDISC
MISC
MISC
MISC
doctor_appointment_system -- doctor_apointment_system
 
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.2021-02-18not yet calculatedCVE-2021-27124
MISC
MISC
MISC
e-learning_system -- e-learning_system
 
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.2021-02-15not yet calculatedCVE-2021-3239
MISC
MISC
MISC
endalia -- selection_portal
 
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).2021-02-18not yet calculatedCVE-2020-35577
MISC
MISC
endian -- firewall_community
 
Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.2021-02-15not yet calculatedCVE-2021-27201
MISC
MISC
MISC
fedora_project -- fedora_33
 
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.2021-02-15not yet calculatedCVE-2021-23336
MLIST
MISC
MLIST
FEDORA
FEDORA
MISC
MISC
filezen -- filezen
 
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.2021-02-17not yet calculatedCVE-2021-20655
MISC
MISC
finalwire -- aida64_engineer
 
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.2021-02-19not yet calculatedCVE-2020-19513
EXPLOIT-DB
friendica -- friendica
 
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.2021-02-18not yet calculatedCVE-2021-27329
MISC
fuji -- electric_v-server_lite
 
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.2021-02-19not yet calculatedCVE-2020-25171
MISC
ge-digital -- hmi/scada_ifix
 
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.2021-02-18not yet calculatedCVE-2019-18255
MISC
ge-digital -- hmi/scada_ifix
 
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.2021-02-18not yet calculatedCVE-2019-18243
MISC
gerrit -- gerrit_servers
 
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.2021-02-17not yet calculatedCVE-2021-22553
CONFIRM
gnome -- glib
 
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.2021-02-15not yet calculatedCVE-2021-27218
MISC
MISC
gnome -- glib
 
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.2021-02-15not yet calculatedCVE-2021-27219
MISC
google -- android
 
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.2021-02-19not yet calculatedCVE-2021-27351
MISC
gramaddict -- gramaddict
 
GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network.2021-02-17not yet calculatedCVE-2020-36245
MISC
hestia -- control_panel
 
Hestia Control Panel through 1.3.3, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.2021-02-16not yet calculatedCVE-2021-27231
MISC
MISC
hilscher -- ethernet/ip_core_v2
 
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.2021-02-16not yet calculatedCVE-2021-20987
CONFIRM
CONFIRM
hilscher -- profinet_io_device_v3
 
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.2021-02-16not yet calculatedCVE-2021-20986
CONFIRM
CONFIRM
ibm -- jazz_reporting_service
 
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751.2021-02-18not yet calculatedCVE-2020-4933
XF
CONFIRM
ibm -- maximo_for_civil_infrastructure
 
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621.2021-02-18not yet calculatedCVE-2021-20445
XF
CONFIRM
ibm -- maximo_for_civil_infrastructure
 
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620.2021-02-18not yet calculatedCVE-2021-20444
XF
CONFIRM
ibm -- maximo_for_civil_infrastructure
 
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.2021-02-18not yet calculatedCVE-2021-20443
XF
CONFIRM
ibm -- websphere_application_server
 
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.2021-02-18not yet calculatedCVE-2021-20354
XF
CONFIRM
intel -- 10th_generation_core_processors
 
Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access.2021-02-17not yet calculatedCVE-2020-24491
MISC
intel -- 700-series_ethernet_controllers
 
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-24495
MISC
intel -- 700-series_ethernet_controllers
 
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 8.0 may allow a privileged user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-24493
MISC
intel -- 700-series_ethernet_controllers
 
Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-24505
MISC
intel -- 722_ethernet_controllers
 
Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-24496
MISC
intel -- 722_ethernet_controllers
 
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-24494
MISC
intel -- 722_ethernet_controllors
 
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access.2021-02-17not yet calculatedCVE-2020-24492
MISC
intel -- 7360_cell_modem
 
Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem before UDE version 9.4.370 may allow unauthenticated user to potentially enable denial of service via network access.2021-02-17not yet calculatedCVE-2020-24482
MISC
intel -- collaboration_suite
 
Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access.2021-02-17not yet calculatedCVE-2020-12339
MISC
intel -- e810_ethernet_adaptor_driver
 
Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access.2021-02-17not yet calculatedCVE-2020-24502
MISC
intel -- e810_ethernet_adaptor_drivers
 
Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-24504
MISC
intel -- e810_ethernet_adaptor_drivers
 
Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.2021-02-17not yet calculatedCVE-2020-24503
MISC
intel -- e810_ethernet_controllers
 
Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-24497
MISC
intel -- e810_ethernet_controllers
 
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-24498
MISC
intel -- e810_ethernet_controllers
 
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access.2021-02-17not yet calculatedCVE-2020-24500
MISC
intel -- e810_ethernet_controllers
 
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2021-02-17not yet calculatedCVE-2020-24501
MISC
intel -- epid_sdk
 
Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-24453
MISC
intel -- ethernet_i210_controller
 
Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access.2021-02-17not yet calculatedCVE-2020-0523
MISC
intel -- ethernet_i210_controller
 
Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-0525
MISC
intel -- ethernet_i210_controller
 
Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-0524
MISC
intel -- ethernet_i210_controller
 
Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-0522
MISC
intel -- graphics_driver
 
Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-8678
MISC
intel -- graphics_driversInsufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-0544
MISC
intel -- graphics_driversOut-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-12386
MISC
intel -- graphics_driversUntrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.2021-02-17not yet calculatedCVE-2020-12370
MISC
intel -- graphics_driversInteger overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-12367
MISC
intel -- graphics_driversUntrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of service via local access.2021-02-17not yet calculatedCVE-2020-12365
MISC
intel -- graphics_driversInsufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-12366
MISC
intel -- graphics_driversExpired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.2021-02-17not yet calculatedCVE-2020-12373
MISC
intel -- graphics_drivers
 
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.2021-02-17not yet calculatedCVE-2020-12364
MISC
intel -- graphics_drivers
 
Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-12368
MISC
intel -- graphics_drivers
 
Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-12369
MISC
intel -- graphics_drivers
 
Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-24450
MISC
intel -- graphics_drivers
 
Divide by zero in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.2021-02-17not yet calculatedCVE-2020-12371
MISC
intel -- graphics_drivers
 
Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.2021-02-17not yet calculatedCVE-2020-12372
MISC
intel -- graphics_drivers
 
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-12362
MISC
intel -- graphics_drivers
 
Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-12361
MISC
intel -- graphics_drivers
 
Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-12384
MISC
intel -- graphics_drivers
 
Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-12385
MISC
intel -- graphics_drivers
 
Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-24448
MISC
intel -- graphics_drivers
 
Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-0521
MISC
intel -- graphics_drivers
 
Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.2021-02-17not yet calculatedCVE-2020-12363
MISC
intel -- grpahics_driver
 
Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-24462
MISC
intel -- hd_graphics_control_panel
 
Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-0518
MISC
intel -- multiple_productsOut of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-12380
MISC
intel -- multiple_productsUse of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.2021-02-17not yet calculatedCVE-2020-12376
MISC
intel -- multiple_productsInsufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-12377
MISC
intel -- multiple_products
 
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.2021-02-19not yet calculatedCVE-2020-12374
MISC
intel -- multiple_products
 
Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-12375
MISC
intel -- optane_dc_persistent_memory
 
Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-24451
MISC
intel -- proset/wireless_wifi_and_killer_drivers
 
Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service<b>&nbsp;</b>via adjacent access.2021-02-17not yet calculatedCVE-2020-24458
MISC
intel -- quartus_prime_pro
 
Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-24481
MISC
intel -- realsense_dcmIncorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-8765
MISC
intel -- sgx_platform_software
 
Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access.2021-02-17not yet calculatedCVE-2020-24452
MISC
intel -- soc_driver
 
Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2021-0109
MISC
intel -- ssd_toolbox
 
Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-8701
MISC
intel -- trace_analyzer_and_collector
 
Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access.2021-02-17not yet calculatedCVE-2020-24485
MISC
intel -- xtu
 
Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access.2021-02-17not yet calculatedCVE-2020-24480
MISC
irfanview -- irfanviewThe WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.2021-02-17not yet calculatedCVE-2021-27362
MISC
MISC
irfanview -- irfanview
 
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.2021-02-17not yet calculatedCVE-2021-27224
MISC
MISC
MISC
jackson-dataformat-cbor -- jackson-dataformat-cbor
 
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.2021-02-18not yet calculatedCVE-2020-28491
CONFIRM
CONFIRM
CONFIRM
jinjava -- jinjava
 
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.2021-02-19not yet calculatedCVE-2020-12668
MISC
MISC
MISC
MISC
MISC
jsdom -- jsdom
 
JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.2021-02-16not yet calculatedCVE-2021-20066
MISC
kollectapps -- kollectapps
 
KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter.2021-02-18not yet calculatedCVE-2021-27335
MISC
less-openui5 -- less-openui5
 
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. `*.less` files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library it is an unexpected behavior in the context of OpenUI5 and SAPUI5 development. Especially in the context of UI5 Tooling which relies on less-openui5. An attacker might create a library or theme-library containing a custom control or theme, hiding malicious JavaScript code in one of the .less files. Refer to the referenced GHSA-3crj-w4f5-gwh4 for examples. Starting with Less.js version 3.0.0, the Inline JavaScript feature is disabled by default. less-openui5 however currently uses a fork of Less.js v1.6.3. Note that disabling the Inline JavaScript feature in Less.js versions 1.x, still evaluates code has additional double codes around it. We decided to remove the inline JavaScript evaluation feature completely from the code of our Less.js fork. This fix is available in less-openui5 version 0.10.0.2021-02-16not yet calculatedCVE-2021-21316
MISC
MISC
MISC
CONFIRM
MISC
library_system -- library_system
 
The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user.2021-02-15not yet calculatedCVE-2021-26200
MISC
linux -- linux_kernel

 

An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.2021-02-17not yet calculatedCVE-2021-26933
MISC
linux -- linux_kernel

 

An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.2021-02-17not yet calculatedCVE-2021-26934
MISC
linux -- linux_kernel
 
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.2021-02-19not yet calculatedCVE-2020-35499
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.2021-02-17not yet calculatedCVE-2021-26930
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.2021-02-17not yet calculatedCVE-2021-26931
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.2021-02-17not yet calculatedCVE-2021-26932
MISC
livy -- livy
 
Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating.2021-02-20not yet calculatedCVE-2021-26544
MLIST
CONFIRM
CONFIRM
lodash -- lodash
 
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.2021-02-15not yet calculatedCVE-2021-23337
MISC
MISC
MISC
MISC
MISC
MISC
MISC
lodash -- lodash
 
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require('lodash'); function build_blank (n) { var ret = "1" for (var i = 0; i < n; i++) { ret += " " } return ret + "1"; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() - time0; console.log("time_cost0: " + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() - time1; console.log("time_cost1: " + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() - time2; console.log("time_cost2: " + time_cost2)2021-02-15not yet calculatedCVE-2020-28500
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mailtrain -- mailtrain
 
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.2021-02-19not yet calculatedCVE-2020-24617
MISC
MISC
mcafee -- web_gateway
 
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.2021-02-17not yet calculatedCVE-2021-23885
CONFIRM
metasys -- reporting_engine_web_services
 
Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.2021-02-19not yet calculatedCVE-2020-9050
CONFIRM
CERT
microweber -- microweber
 
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file.2021-02-15not yet calculatedCVE-2020-28337
MISC
MISC
MISC
mitsubishi -- electric_fa_engineering_software
 
Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.2021-02-19not yet calculatedCVE-2021-20588
MISC
MISC
mitsubishi -- electric_fa_engineering_software
 
Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP version 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 version 1.597X and prior, GX Works3 version 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions and SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.2021-02-19not yet calculatedCVE-2021-20587
MISC
MISC
modernflow -- modernflow
 
ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.2021-02-19not yet calculatedCVE-2021-3339
MISC
MISC
mumble -- mumble
 
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.2021-02-16not yet calculatedCVE-2021-27229
MISC
MISC
MISC
MLIST
mutare -- voiceAn issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue.2021-02-16not yet calculatedCVE-2021-27233
MISC
mutare -- voice
 
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database.2021-02-16not yet calculatedCVE-2021-27235
MISC
mutare -- voice
 
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp.2021-02-16not yet calculatedCVE-2021-27234
MISC
mutare -- voice
 
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution.2021-02-16not yet calculatedCVE-2021-27236
MISC
nagios -- xi_5.7.2
 
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.2021-02-15not yet calculatedCVE-2020-24899
MISC
nagiosxi -- 5.6.11
 
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a request.2021-02-15not yet calculatedCVE-2020-22427
MISC
netis -- multiple_devices
 
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.2021-02-18not yet calculatedCVE-2021-26747
MISC
MISC
node.js -- node.jsA ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.2021-02-19not yet calculatedCVE-2021-27405
MISC
MISC
MISC
node.js -- node.jsThe slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.2021-02-19not yet calculatedCVE-2021-3189
MISC
MISC
node.js -- node.js
 
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.2021-02-16not yet calculatedCVE-2021-21315
MISC
CONFIRM
MISC
ondemand -- ondemand
 
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.2021-02-19not yet calculatedCVE-2020-36247
MISC
opc_ua.net -- opc_ua.net
 
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates.2021-02-16not yet calculatedCVE-2020-29457
MISC
CONFIRM
MISC
opencast -- opencast
 
Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial of access for all users without superuser privileges, effectively hiding the series. Access to series and series metadata on the search service (shown in media module and player) depends on the events published which are part of the series. Publishing an event will automatically publish a series and update access to it. Removing an event or republishing the event should do the same. Affected versions of Opencast may not update the series access or remove a published series if an event is being removed. On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast 9.2.2021-02-18not yet calculatedCVE-2021-21318
MISC
CONFIRM
openemr -- openemr
 
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.2021-02-15not yet calculatedCVE-2020-29140
MISC
MISC
MISC
MISC
MISC
openemr -- openemr
 
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.2021-02-15not yet calculatedCVE-2020-29143
MISC
MISC
MISC
MISC
openemr -- openemr
 
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter.2021-02-15not yet calculatedCVE-2020-29139
MISC
MISC
MISC
MISC
openldap -- openldap
 
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.2021-02-14not yet calculatedCVE-2021-27212
MISC
MISC
MISC
MLIST
opennms -- meridian
 
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.2021-02-17not yet calculatedCVE-2021-3396
MISC
CONFIRM
openrepeater -- openrepeater
 
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.2021-02-19not yet calculatedCVE-2019-25024
MISC
MISC
openssl -- opensllThe OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).2021-02-16not yet calculatedCVE-2021-23841
CONFIRM
CONFIRM
CONFIRM
DEBIAN
CONFIRM
openssl -- opensll
 
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).2021-02-16not yet calculatedCVE-2021-23840
CONFIRM
CONFIRM
CONFIRM
DEBIAN
CONFIRM
openssl -- openssl
 
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x).2021-02-16not yet calculatedCVE-2021-23839
CONFIRM
CONFIRM
CONFIRM
owncloud -- owncloudIn the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.2021-02-19not yet calculatedCVE-2020-36250
MISC
owncloud -- owncloudownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.2021-02-19not yet calculatedCVE-2020-36252
MISC
owncloud -- owncloud
 
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.2021-02-19not yet calculatedCVE-2020-36251
MISC
owncloud -- owncloud
 
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.2021-02-19not yet calculatedCVE-2020-36249
MISC
owncloud -- owncloud
 
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.2021-02-19not yet calculatedCVE-2020-36248
MISC
owncloud -- owncloud
 
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.2021-02-19not yet calculatedCVE-2020-10254
MISC
CONFIRM
MISC
owncloud -- owncloud
 
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.2021-02-19not yet calculatedCVE-2020-10252
MISC
CONFIRM
MISC
pelco -- digital_sentry_server
 
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered.2021-02-16not yet calculatedCVE-2021-27232
MISC
MISC
phpgurukul -- car_rental_project
 
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.2021-02-17not yet calculatedCVE-2021-26809
MISC
MISC
pi-hole -- pi-holePi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.2021-02-18not yet calculatedCVE-2020-35592
MISC
MISC
pi-hole -- pi-hole
 
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.2021-02-18not yet calculatedCVE-2020-35591
MISC
MISC
pimcore -- pimcore
 
This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.2021-02-18not yet calculatedCVE-2021-23340
MISC
MISC
MISC
pnglmg -- pnglmg
 
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.2021-02-20not yet calculatedCVE-2020-28248
MISC
MISC
MISC
MISC
powerlogic -- multiple_products
 
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.2021-02-19not yet calculatedCVE-2021-22701
MISC
powerlogic -- multiple_products
 
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.2021-02-19not yet calculatedCVE-2021-22703
MISC
powerlogic -- multiple_products
 
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.2021-02-19not yet calculatedCVE-2021-22702
MISC
pressbooks -- pressbooks
 
PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.2021-02-18not yet calculatedCVE-2021-3271
MISC
MISC
MISC
prism-asciidoc -- prism-asciidoc
 
The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.2021-02-18not yet calculatedCVE-2021-23341
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
property_management_system -- property_management_system
 
Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.2021-02-17not yet calculatedCVE-2021-22858
CONFIRM
MISC
prototye_pollution -- prototype_pollution
 
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .2021-02-18not yet calculatedCVE-2020-28499
CONFIRM
CONFIRM
CONFIRM
qlib -- qlib
 
This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.2021-02-15not yet calculatedCVE-2021-23338
MISC
MISC
qnap -- nas_devices
 
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)2021-02-17not yet calculatedCVE-2020-2501
MISC
qnap -- photo_station
 
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later2021-02-17not yet calculatedCVE-2020-2502
MISC
racom -- midge_firmware

 

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.2021-02-16not yet calculatedCVE-2021-20074
MISC
racom -- midge_firmware
 
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication.2021-02-16not yet calculatedCVE-2021-20067
MISC
racom -- midge_firmware
 
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.2021-02-16not yet calculatedCVE-2021-20073
MISC
racom -- midge_firmware
 
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral.2021-02-16not yet calculatedCVE-2021-20072
MISC
reportlab -- reportlab
 
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF2021-02-18not yet calculatedCVE-2020-28463
CONFIRM
CONFIRM
rust -- rustAn issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free.2021-02-18not yet calculatedCVE-2021-27377
MISC
rust -- rust
 
An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures.2021-02-18not yet calculatedCVE-2021-27376
MISC
rust -- rust
 
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.2021-02-18not yet calculatedCVE-2021-27378
MISC
sangoma -- asteriskAn issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.2021-02-18not yet calculatedCVE-2021-26717
MISC
FULLDISC
MISC
CONFIRM
CONFIRM
sangoma -- asterisk
 
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.2021-02-19not yet calculatedCVE-2021-26713
MISC
MISC
MISC
sangoma -- asterisk
 
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.2021-02-18not yet calculatedCVE-2020-35776
MISC
FULLDISC
CONFIRM
MISC
CONFIRM
sangoma -- asterisk
 
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.2021-02-18not yet calculatedCVE-2021-26712
MISC
FULLDISC
MISC
CONFIRM
CONFIRM
secomea -- gatemanagerAn Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c2021-02-15not yet calculatedCVE-2020-29031
MISC
secomea -- gatemanager
 
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.2021-02-15not yet calculatedCVE-2020-29026
MISC
secomea -- gatemanager
 
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.2021-02-16not yet calculatedCVE-2020-29024
MISC
secomea -- gatemanager
 
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.2021-02-16not yet calculatedCVE-2020-29023
MISC
CONFIRM
secomea -- gatemanager
 
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.32021-02-16not yet calculatedCVE-2020-29022
MISC
smartstorenet -- smartstorenet
 
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account).2021-02-19not yet calculatedCVE-2020-27997
MISC
MISC
soar -- cloud_systemThe specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.2021-02-17not yet calculatedCVE-2021-22855
CONFIRM
MISC
soar -- cloud_system
 
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.2021-02-17not yet calculatedCVE-2021-22853
CONFIRM
MISC
soar -- cloud_system
 
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.2021-02-17not yet calculatedCVE-2021-22854
CONFIRM
MISC
steghide -- steghide
 
steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.2021-02-15not yet calculatedCVE-2021-27211
MISC
MISC
MISC
sytech -- xl_reporter
 
An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.2021-02-19not yet calculatedCVE-2020-13549
MISC
teachers_record_management_system -- teachers_record_management_system
 
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.2021-02-15not yet calculatedCVE-2021-26822
MISC
MISC
telsa -- solarcity_solar_monitoring_gateway
 
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.2021-02-18not yet calculatedCVE-2020-9306
CONFIRM
MISC
MISC
MISC
testes_de_codigo -- testes_de_codigo
 
Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters "isAdmin" and "isPremium" located on device storage.2021-02-16not yet calculatedCVE-2021-25648
MISC
three -- three
 
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+" ms")2021-02-18not yet calculatedCVE-2020-28496
MISC
MISC
MISC
MISC
traefik -- traefik
 
Traefik before 2.4.5 allows the loading of IFRAME elements from other domains.2021-02-18not yet calculatedCVE-2021-27375
MISC
CONFIRM
uap-core -- uap-core
 
uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes.2021-02-16not yet calculatedCVE-2021-21317
MISC
CONFIRM
MISC
uprism -- uprism
 
A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL.2021-02-17not yet calculatedCVE-2020-7849
MISC
vertigis -- weboffice
 
VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation."2021-02-17not yet calculatedCVE-2021-27374
MISC
MISC
visualware -- myconnection_server
 
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.2021-02-19not yet calculatedCVE-2021-27509
MISC
voloko-- twitter-stream
 
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).2021-02-19not yet calculatedCVE-2020-24392
MISC
MISC
voloko-- twitter-stream
 
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.2021-02-19not yet calculatedCVE-2020-24393
MISC
MISC
webware -- webdesktop
 
SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server.2021-02-19not yet calculatedCVE-2021-3204
MISC
wireshark -- wireshark
 
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file2021-02-17not yet calculatedCVE-2021-22174
CONFIRM
MISC
MISC
wireshark -- wireshark
 
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file2021-02-17not yet calculatedCVE-2021-22173
CONFIRM
MISC
MISC
xen -- xen
 
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565.2021-02-18not yet calculatedCVE-2021-27379
MISC
yeastar -- neogate_devicesYeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key.2021-02-19not yet calculatedCVE-2021-27328
MISC
MISC
zoho -- manageengine_adselfservice_plus
 
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.2021-02-19not yet calculatedCVE-2021-27214
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.