This article is contributed. See the original author and article here.
74cms — 74cms
|
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. |
2021-02-17 |
not yet calculated |
CVE-2020-35339
MISC
MISC |
activepresenter — activepresenter
|
ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution. |
2021-02-15 |
not yet calculated |
CVE-2021-3375
MISC |
agora — video_sdk
|
Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic. |
2021-02-17 |
not yet calculated |
CVE-2020-25605
MISC
MISC |
alfresco_enterprise — content_management
|
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco. |
2021-02-19 |
not yet calculated |
CVE-2020-12873
MISC
MISC |
amaze — file_manager
|
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. |
2021-02-19 |
not yet calculated |
CVE-2020-36246
MISC
MISC |
apache — airflow
|
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0. |
2021-02-17 |
not yet calculated |
CVE-2021-26697
MLIST
MLIST
MISC
MLIST
MLIST |
apache — airflow
|
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0. |
2021-02-17 |
not yet calculated |
CVE-2021-26559
MLIST
MISC
MLIST |
apache — myfaces
|
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application. |
2021-02-19 |
not yet calculated |
CVE-2021-26296
FULLDISC
MISC |
askey — multiple_devices
|
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. |
2021-02-19 |
not yet calculated |
CVE-2021-27403
MISC |
askey — multiple_devices
|
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. |
2021-02-19 |
not yet calculated |
CVE-2021-27404
MISC |
async-git — async-git
|
The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset(‘atouch HACKEDb’) |
2021-02-18 |
not yet calculated |
CVE-2020-28490
MISC
MISC
MISC |
atlassian — bitbucket_server_and_data_center
|
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. |
2021-02-18 |
not yet calculated |
CVE-2020-36233
MISC
CERT-VN |
baby_care_system — baby_care_system
|
Baby Care System v1.0 is vulnerable to SQL injection via the ‘id’ parameter on the contentsectionpage.php page. |
2021-02-17 |
not yet calculated |
CVE-2021-25779
MISC |
baby_care_system — baby_care_system
|
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell. |
2021-02-17 |
not yet calculated |
CVE-2021-25780
MISC |
batflat — batlfat
|
** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user’s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
2021-02-15 |
not yet calculated |
CVE-2020-35734
MISC
MISC
MISC
MISC |
bind — multiple_products
|
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND’s default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch |
2021-02-17 |
not yet calculated |
CVE-2020-8625
MLIST
MLIST
CONFIRM
MLIST
DEBIAN |
bloodhound — bloodhound
|
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter. |
2021-02-19 |
not yet calculated |
CVE-2021-3210
MISC
MISC
MISC |
bolt — bolt
|
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. |
2021-02-17 |
not yet calculated |
CVE-2021-27367
MISC
MISC |
canary_mail — canary_mail
|
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. |
2021-02-17 |
not yet calculated |
CVE-2021-26911
MLIST
MISC
MISC
MISC
CONFIRM
MISC |
casap — automated_enrollment_system
|
The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page. |
2021-02-15 |
not yet calculated |
CVE-2021-26201
MISC |
centreon — 19.10-e17
|
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. |
2021-02-15 |
not yet calculated |
CVE-2020-22425
MISC
MISC |
chamilo — chamilo
|
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. |
2021-02-19 |
not yet calculated |
CVE-2021-26746
CONFIRM
MISC
MISC |
checkmk — checkmk
|
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%checkmkagentlocal directory. |
2021-02-19 |
not yet calculated |
CVE-2020-24908
MISC |
cisco — anyconnect_secure_mobilty_client
|
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. |
2021-02-17 |
not yet calculated |
CVE-2021-1366
CISCO |
cisco — csdj
|
Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors. |
2021-02-17 |
not yet calculated |
CVE-2021-20653
MISC
MISC |
| cisco — identity_services_engine |
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. |
2021-02-17 |
not yet calculated |
CVE-2021-1416
CISCO |
cisco — identity_services_engine
|
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. |
2021-02-17 |
not yet calculated |
CVE-2021-1412
CISCO |
| cisco — staros |
A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device. |
2021-02-17 |
not yet calculated |
CVE-2021-1378
CISCO |
cisco — webex_meetings
|
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. |
2021-02-17 |
not yet calculated |
CVE-2021-1351
CISCO |
cisco — webex_meetings_desktop_app_and_webex_productivity_tools
|
A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system. |
2021-02-17 |
not yet calculated |
CVE-2021-1372
CISCO |
com.typesafe.akka:akka-http-core — com.typesafe.akka:akka-http-core
|
This affects all versions of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers. |
2021-02-17 |
not yet calculated |
CVE-2021-23339
MISC
MISC |
d-bus — d-bus
|
A use-after-free flaw was found in D-Bus 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors |
2021-02-15 |
not yet calculated |
CVE-2020-35512
MISC |
das — u-boot
|
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. |
2021-02-17 |
not yet calculated |
CVE-2021-27138
MISC
MISC
MISC |
das — u-boot
|
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. |
2021-02-17 |
not yet calculated |
CVE-2021-27097
MISC
MISC
MISC |
debian — avahi_package
|
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product. |
2021-02-17 |
not yet calculated |
CVE-2021-26720
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC |
dekart — private_disk
|
In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing. |
2021-02-16 |
not yet calculated |
CVE-2021-27203
MISC
MISC |
dell — emc_avamar_server
|
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users’ backup data. |
2021-02-15 |
not yet calculated |
CVE-2021-21511
CONFIRM |
dell — emc_powerprotect_cyber_recovery
|
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. |
2021-02-19 |
not yet calculated |
CVE-2021-21512
MISC |
digi — connectport_x2e
|
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. |
2021-02-18 |
not yet calculated |
CVE-2020-12878
MISC
MISC
MISC |
digium — asterisk
|
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure. |
2021-02-18 |
not yet calculated |
CVE-2021-26906
MISC
FULLDISC
MISC
CONFIRM
CONFIRM |
dji — mavic_2_remote_controller
|
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. |
2021-02-18 |
not yet calculated |
CVE-2020-29664
MISC
MISC
MISC
MISC |
docsify — docsify
|
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters |
2021-02-19 |
not yet calculated |
CVE-2021-23342
FULLDISC
MISC
MISC
MISC |
doctor_appointment_system — doctor_apointment_system
|
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack. |
2021-02-18 |
not yet calculated |
CVE-2021-27124
MISC
MISC
MISC |
e-learning_system — e-learning_system
|
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell. |
2021-02-15 |
not yet calculated |
CVE-2021-3239
MISC
MISC
MISC |
endalia — selection_portal
|
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number). |
2021-02-18 |
not yet calculated |
CVE-2020-35577
MISC
MISC |
endian — firewall_community
|
Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment. |
2021-02-15 |
not yet calculated |
CVE-2021-27201
MISC
MISC
MISC |
fedora_project — fedora_33
|
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. |
2021-02-15 |
not yet calculated |
CVE-2021-23336
MLIST
MISC
MLIST
FEDORA
FEDORA
MISC
MISC |
filezen — filezen
|
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. |
2021-02-17 |
not yet calculated |
CVE-2021-20655
MISC
MISC |
finalwire — aida64_engineer
|
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. |
2021-02-19 |
not yet calculated |
CVE-2020-19513
EXPLOIT-DB |
friendica — friendica
|
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names. |
2021-02-18 |
not yet calculated |
CVE-2021-27329
MISC |
fuji — electric_v-server_lite
|
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. |
2021-02-19 |
not yet calculated |
CVE-2020-25171
MISC |
ge-digital — hmi/scada_ifix
|
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation. |
2021-02-18 |
not yet calculated |
CVE-2019-18255
MISC |
ge-digital — hmi/scada_ifix
|
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation. |
2021-02-18 |
not yet calculated |
CVE-2019-18243
MISC |
gerrit — gerrit_servers
|
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above. |
2021-02-17 |
not yet calculated |
CVE-2021-22553
CONFIRM |
gnome — glib
|
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. |
2021-02-15 |
not yet calculated |
CVE-2021-27218
MISC
MISC |
gnome — glib
|
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. |
2021-02-15 |
not yet calculated |
CVE-2021-27219
MISC |
google — android
|
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. |
2021-02-19 |
not yet calculated |
CVE-2021-27351
MISC |
gramaddict — gramaddict
|
GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network. |
2021-02-17 |
not yet calculated |
CVE-2020-36245
MISC |
hestia — control_panel
|
Hestia Control Panel through 1.3.3, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer’s domain name, leading to spoofing of services or email messages. |
2021-02-16 |
not yet calculated |
CVE-2021-27231
MISC
MISC |
hilscher — ethernet/ip_core_v2
|
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery. |
2021-02-16 |
not yet calculated |
CVE-2021-20987
CONFIRM
CONFIRM |
hilscher — profinet_io_device_v3
|
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication. |
2021-02-16 |
not yet calculated |
CVE-2021-20986
CONFIRM
CONFIRM |
ibm — jazz_reporting_service
|
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751. |
2021-02-18 |
not yet calculated |
CVE-2020-4933
XF
CONFIRM |
ibm — maximo_for_civil_infrastructure
|
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621. |
2021-02-18 |
not yet calculated |
CVE-2021-20445
XF
CONFIRM |
ibm — maximo_for_civil_infrastructure
|
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620. |
2021-02-18 |
not yet calculated |
CVE-2021-20444
XF
CONFIRM |
ibm — maximo_for_civil_infrastructure
|
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619. |
2021-02-18 |
not yet calculated |
CVE-2021-20443
XF
CONFIRM |
ibm — websphere_application_server
|
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. |
2021-02-18 |
not yet calculated |
CVE-2021-20354
XF
CONFIRM |
intel — 10th_generation_core_processors
|
Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24491
MISC |
intel — 700-series_ethernet_controllers
|
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24495
MISC |
intel — 700-series_ethernet_controllers
|
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 8.0 may allow a privileged user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24493
MISC |
intel — 700-series_ethernet_controllers
|
Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24505
MISC |
intel — 722_ethernet_controllers
|
Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24496
MISC |
intel — 722_ethernet_controllers
|
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24494
MISC |
intel — 722_ethernet_controllors
|
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24492
MISC |
intel — 7360_cell_modem
|
Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem before UDE version 9.4.370 may allow unauthenticated user to potentially enable denial of service via network access. |
2021-02-17 |
not yet calculated |
CVE-2020-24482
MISC |
intel — collaboration_suite
|
Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access. |
2021-02-17 |
not yet calculated |
CVE-2020-12339
MISC |
intel — e810_ethernet_adaptor_driver
|
Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24502
MISC |
intel — e810_ethernet_adaptor_drivers
|
Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24504
MISC |
intel — e810_ethernet_adaptor_drivers
|
Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24503
MISC |
intel — e810_ethernet_controllers
|
Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24497
MISC |
intel — e810_ethernet_controllers
|
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24498
MISC |
intel — e810_ethernet_controllers
|
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24500
MISC |
intel — e810_ethernet_controllers
|
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
2021-02-17 |
not yet calculated |
CVE-2020-24501
MISC |
intel — epid_sdk
|
Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24453
MISC |
intel — ethernet_i210_controller
|
Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-0523
MISC |
intel — ethernet_i210_controller
|
Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-0525
MISC |
intel — ethernet_i210_controller
|
Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-0524
MISC |
intel — ethernet_i210_controller
|
Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-0522
MISC |
intel — graphics_driver
|
Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-8678
MISC |
| intel — graphics_drivers |
Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-0544
MISC |
| intel — graphics_drivers |
Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12386
MISC |
| intel — graphics_drivers |
Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12370
MISC |
| intel — graphics_drivers |
Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12367
MISC |
| intel — graphics_drivers |
Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12365
MISC |
| intel — graphics_drivers |
Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12366
MISC |
| intel — graphics_drivers |
Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12373
MISC |
intel — graphics_drivers
|
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12364
MISC |
intel — graphics_drivers
|
Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12368
MISC |
intel — graphics_drivers
|
Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12369
MISC |
intel — graphics_drivers
|
Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24450
MISC |
intel — graphics_drivers
|
Divide by zero in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12371
MISC |
intel — graphics_drivers
|
Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12372
MISC |
intel — graphics_drivers
|
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12362
MISC |
intel — graphics_drivers
|
Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12361
MISC |
intel — graphics_drivers
|
Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12384
MISC |
intel — graphics_drivers
|
Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12385
MISC |
intel — graphics_drivers
|
Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24448
MISC |
intel — graphics_drivers
|
Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-0521
MISC |
intel — graphics_drivers
|
Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12363
MISC |
intel — grpahics_driver
|
Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24462
MISC |
intel — hd_graphics_control_panel
|
Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-0518
MISC |
| intel — multiple_products |
Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12380
MISC |
| intel — multiple_products |
Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12376
MISC |
| intel — multiple_products |
Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12377
MISC |
intel — multiple_products
|
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access. |
2021-02-19 |
not yet calculated |
CVE-2020-12374
MISC |
intel — multiple_products
|
Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-12375
MISC |
intel — optane_dc_persistent_memory
|
Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24451
MISC |
intel — proset/wireless_wifi_and_killer_drivers
|
Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service<b> </b>via adjacent access. |
2021-02-17 |
not yet calculated |
CVE-2020-24458
MISC |
intel — quartus_prime_pro
|
Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24481
MISC |
| intel — realsense_dcm |
Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-8765
MISC |
intel — sgx_platform_software
|
Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24452
MISC |
intel — soc_driver
|
Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2021-0109
MISC |
intel — ssd_toolbox
|
Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-8701
MISC |
intel — trace_analyzer_and_collector
|
Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24485
MISC |
intel — xtu
|
Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access. |
2021-02-17 |
not yet calculated |
CVE-2020-24480
MISC |
| irfanview — irfanview |
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code. |
2021-02-17 |
not yet calculated |
CVE-2021-27362
MISC
MISC |
irfanview — irfanview
|
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code. |
2021-02-17 |
not yet calculated |
CVE-2021-27224
MISC
MISC
MISC |
jackson-dataformat-cbor — jackson-dataformat-cbor
|
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. |
2021-02-18 |
not yet calculated |
CVE-2020-28491
CONFIRM
CONFIRM
CONFIRM |
jinjava — jinjava
|
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure. |
2021-02-19 |
not yet calculated |
CVE-2020-12668
MISC
MISC
MISC
MISC
MISC |
jsdom — jsdom
|
JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled. |
2021-02-16 |
not yet calculated |
CVE-2021-20066
MISC |
kollectapps — kollectapps
|
KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. |
2021-02-18 |
not yet calculated |
CVE-2021-27335
MISC |
less-openui5 — less-openui5
|
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. `*.less` files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library it is an unexpected behavior in the context of OpenUI5 and SAPUI5 development. Especially in the context of UI5 Tooling which relies on less-openui5. An attacker might create a library or theme-library containing a custom control or theme, hiding malicious JavaScript code in one of the .less files. Refer to the referenced GHSA-3crj-w4f5-gwh4 for examples. Starting with Less.js version 3.0.0, the Inline JavaScript feature is disabled by default. less-openui5 however currently uses a fork of Less.js v1.6.3. Note that disabling the Inline JavaScript feature in Less.js versions 1.x, still evaluates code has additional double codes around it. We decided to remove the inline JavaScript evaluation feature completely from the code of our Less.js fork. This fix is available in less-openui5 version 0.10.0. |
2021-02-16 |
not yet calculated |
CVE-2021-21316
MISC
MISC
MISC
CONFIRM
MISC |
library_system — library_system
|
The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user. |
2021-02-15 |
not yet calculated |
CVE-2021-26200
MISC |
| linux — linux_kernel |
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory. |
2021-02-17 |
not yet calculated |
CVE-2021-26933
MISC |
| linux — linux_kernel |
An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn’t stated accordingly in its support status entry. |
2021-02-17 |
not yet calculated |
CVE-2021-26934
MISC |
linux — linux_kernel
|
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information. |
2021-02-19 |
not yet calculated |
CVE-2020-35499
MISC |
linux — linux_kernel
|
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn’t mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. |
2021-02-17 |
not yet calculated |
CVE-2021-26930
MISC |
linux — linux_kernel
|
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn’t correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. |
2021-02-17 |
not yet calculated |
CVE-2021-26931
MISC |
linux — linux_kernel
|
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. |
2021-02-17 |
not yet calculated |
CVE-2021-26932
MISC |
livy — livy
|
Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users’ sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating. |
2021-02-20 |
not yet calculated |
CVE-2021-26544
MLIST
CONFIRM
CONFIRM |
lodash — lodash
|
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template. |
2021-02-15 |
not yet calculated |
CVE-2021-23337
MISC
MISC
MISC
MISC
MISC
MISC
MISC |
lodash — lodash
|
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require(‘lodash’); function build_blank (n) { var ret = “1” for (var i = 0; i < n; i++) { ret += ” ” } return ret + “1”; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() – time0; console.log(“time_cost0: ” + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() – time1; console.log(“time_cost1: ” + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() – time2; console.log(“time_cost2: ” + time_cost2) |
2021-02-15 |
not yet calculated |
CVE-2020-28500
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM |
mailtrain — mailtrain
|
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped. |
2021-02-19 |
not yet calculated |
CVE-2020-24617
MISC
MISC |
mcafee — web_gateway
|
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page. |
2021-02-17 |
not yet calculated |
CVE-2021-23885
CONFIRM |
metasys — reporting_engine_web_services
|
Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. |
2021-02-19 |
not yet calculated |
CVE-2020-9050
CONFIRM
CERT |
microweber — microweber
|
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file. |
2021-02-15 |
not yet calculated |
CVE-2020-28337
MISC
MISC
MISC |
mitsubishi — electric_fa_engineering_software
|
Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets. |
2021-02-19 |
not yet calculated |
CVE-2021-20588
MISC
MISC |
mitsubishi — electric_fa_engineering_software
|
Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP version 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 version 1.597X and prior, GX Works3 version 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions and SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets. |
2021-02-19 |
not yet calculated |
CVE-2021-20587
MISC
MISC |
modernflow — modernflow
|
ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. |
2021-02-19 |
not yet calculated |
CVE-2021-3339
MISC
MISC |
mumble — mumble
|
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. |
2021-02-16 |
not yet calculated |
CVE-2021-27229
MISC
MISC
MISC
MLIST |
| mutare — voice |
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue. |
2021-02-16 |
not yet calculated |
CVE-2021-27233
MISC |
mutare — voice
|
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database. |
2021-02-16 |
not yet calculated |
CVE-2021-27235
MISC |
mutare — voice
|
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp. |
2021-02-16 |
not yet calculated |
CVE-2021-27234
MISC |
mutare — voice
|
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution. |
2021-02-16 |
not yet calculated |
CVE-2021-27236
MISC |
nagios — xi_5.7.2
|
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query. |
2021-02-15 |
not yet calculated |
CVE-2020-24899
MISC |
nagiosxi — 5.6.11
|
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a request. |
2021-02-15 |
not yet calculated |
CVE-2020-22427
MISC |
netis — multiple_devices
|
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. |
2021-02-18 |
not yet calculated |
CVE-2021-26747
MISC
MISC |
| node.js — node.js |
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js. |
2021-02-19 |
not yet calculated |
CVE-2021-27405
MISC
MISC
MISC |
| node.js — node.js |
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. |
2021-02-19 |
not yet calculated |
CVE-2021-3189
MISC
MISC |
node.js — node.js
|
The System Information Library for Node.JS (npm package “systeminformation”) is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() … do only allow strings, reject any arrays. String sanitation works as expected. |
2021-02-16 |
not yet calculated |
CVE-2021-21315
MISC
CONFIRM
MISC |
ondemand — ondemand
|
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. |
2021-02-19 |
not yet calculated |
CVE-2020-36247
MISC |
opc_ua.net — opc_ua.net
|
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates. |
2021-02-16 |
not yet calculated |
CVE-2020-29457
MISC
CONFIRM
MISC |
opencast — opencast
|
Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial of access for all users without superuser privileges, effectively hiding the series. Access to series and series metadata on the search service (shown in media module and player) depends on the events published which are part of the series. Publishing an event will automatically publish a series and update access to it. Removing an event or republishing the event should do the same. Affected versions of Opencast may not update the series access or remove a published series if an event is being removed. On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast 9.2. |
2021-02-18 |
not yet calculated |
CVE-2021-21318
MISC
CONFIRM |
openemr — openemr
|
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. |
2021-02-15 |
not yet calculated |
CVE-2020-29140
MISC
MISC
MISC
MISC
MISC |
openemr — openemr
|
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. |
2021-02-15 |
not yet calculated |
CVE-2020-29143
MISC
MISC
MISC
MISC |
openemr — openemr
|
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter. |
2021-02-15 |
not yet calculated |
CVE-2020-29139
MISC
MISC
MISC
MISC |
openldap — openldap
|
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. |
2021-02-14 |
not yet calculated |
CVE-2021-27212
MISC
MISC
MISC
MLIST |
opennms — meridian
|
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions. |
2021-02-17 |
not yet calculated |
CVE-2021-3396
MISC
CONFIRM |
openrepeater — openrepeater
|
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. |
2021-02-19 |
not yet calculated |
CVE-2019-25024
MISC
MISC |
| openssl — opensll |
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
2021-02-16 |
not yet calculated |
CVE-2021-23841
CONFIRM
CONFIRM
CONFIRM
DEBIAN
CONFIRM |
openssl — opensll
|
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
2021-02-16 |
not yet calculated |
CVE-2021-23840
CONFIRM
CONFIRM
CONFIRM
DEBIAN
CONFIRM |
openssl — openssl
|
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). |
2021-02-16 |
not yet calculated |
CVE-2021-23839
CONFIRM
CONFIRM
CONFIRM |
| owncloud — owncloud |
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. |
2021-02-19 |
not yet calculated |
CVE-2020-36250
MISC |
| owncloud — owncloud |
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. |
2021-02-19 |
not yet calculated |
CVE-2020-36252
MISC |
owncloud — owncloud
|
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else’s access to that share. |
2021-02-19 |
not yet calculated |
CVE-2020-36251
MISC |
owncloud — owncloud
|
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. |
2021-02-19 |
not yet calculated |
CVE-2020-36249
MISC |
owncloud — owncloud
|
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. |
2021-02-19 |
not yet calculated |
CVE-2020-36248
MISC |
owncloud — owncloud
|
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview. |
2021-02-19 |
not yet calculated |
CVE-2020-10254
MISC
CONFIRM
MISC |
owncloud — owncloud
|
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack. |
2021-02-19 |
not yet calculated |
CVE-2020-10252
MISC
CONFIRM
MISC |
pelco — digital_sentry_server
|
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered. |
2021-02-16 |
not yet calculated |
CVE-2021-27232
MISC
MISC |
phpgurukul — car_rental_project
|
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. |
2021-02-17 |
not yet calculated |
CVE-2021-26809
MISC
MISC |
| pi-hole — pi-hole |
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie. |
2021-02-18 |
not yet calculated |
CVE-2020-35592
MISC
MISC |
pi-hole — pi-hole
|
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user’s account through the active session. |
2021-02-18 |
not yet calculated |
CVE-2020-35591
MISC
MISC |
pimcore — pimcore
|
This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability. |
2021-02-18 |
not yet calculated |
CVE-2021-23340
MISC
MISC
MISC |
pnglmg — pnglmg
|
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file. |
2021-02-20 |
not yet calculated |
CVE-2020-28248
MISC
MISC
MISC
MISC |
powerlogic — multiple_products
|
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface. |
2021-02-19 |
not yet calculated |
CVE-2021-22701
MISC |
powerlogic — multiple_products
|
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device. |
2021-02-19 |
not yet calculated |
CVE-2021-22703
MISC |
powerlogic — multiple_products
|
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device. |
2021-02-19 |
not yet calculated |
CVE-2021-22702
MISC |
pressbooks — pressbooks
|
PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info’s Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS. |
2021-02-18 |
not yet calculated |
CVE-2021-3271
MISC
MISC
MISC |
prism-asciidoc — prism-asciidoc
|
The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. |
2021-02-18 |
not yet calculated |
CVE-2021-23341
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM |
property_management_system — property_management_system
|
Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions. |
2021-02-17 |
not yet calculated |
CVE-2021-22858
CONFIRM
MISC |
prototye_pollution — prototype_pollution
|
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . |
2021-02-18 |
not yet calculated |
CVE-2020-28499
CONFIRM
CONFIRM
CONFIRM |
qlib — qlib
|
This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function. |
2021-02-15 |
not yet calculated |
CVE-2021-23338
MISC
MISC |
qnap — nas_devices
|
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) |
2021-02-17 |
not yet calculated |
CVE-2020-2501
MISC |
qnap — photo_station
|
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later |
2021-02-17 |
not yet calculated |
CVE-2020-2502
MISC |
| racom — midge_firmware |
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. |
2021-02-16 |
not yet calculated |
CVE-2021-20074
MISC |
racom — midge_firmware
|
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication. |
2021-02-16 |
not yet calculated |
CVE-2021-20067
MISC |
racom — midge_firmware
|
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. |
2021-02-16 |
not yet calculated |
CVE-2021-20073
MISC |
racom — midge_firmware
|
Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral. |
2021-02-16 |
not yet calculated |
CVE-2021-20072
MISC |
reportlab — reportlab
|
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab’s documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src=”http://127.0.0.1:5000″ valign=”top”/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF |
2021-02-18 |
not yet calculated |
CVE-2020-28463
CONFIRM
CONFIRM |
| rust — rust |
An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free. |
2021-02-18 |
not yet calculated |
CVE-2021-27377
MISC |
rust — rust
|
An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. |
2021-02-18 |
not yet calculated |
CVE-2021-27376
MISC |
rust — rust
|
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. |
2021-02-18 |
not yet calculated |
CVE-2021-27378
MISC |
| sangoma — asterisk |
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash. |
2021-02-18 |
not yet calculated |
CVE-2021-26717
MISC
FULLDISC
MISC
CONFIRM
CONFIRM |
sangoma — asterisk
|
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch. |
2021-02-19 |
not yet calculated |
CVE-2021-26713
MISC
MISC
MISC |
sangoma — asterisk
|
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. |
2021-02-18 |
not yet calculated |
CVE-2020-35776
MISC
FULLDISC
CONFIRM
MISC
CONFIRM |
sangoma — asterisk
|
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. |
2021-02-18 |
not yet calculated |
CVE-2021-26712
MISC
FULLDISC
MISC
CONFIRM
CONFIRM |
| secomea — gatemanager |
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c |
2021-02-15 |
not yet calculated |
CVE-2020-29031
MISC |
secomea — gatemanager
|
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c. |
2021-02-15 |
not yet calculated |
CVE-2020-29026
MISC |
secomea — gatemanager
|
Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3. |
2021-02-16 |
not yet calculated |
CVE-2020-29024
MISC |
secomea — gatemanager
|
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim’s computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3. |
2021-02-16 |
not yet calculated |
CVE-2020-29023
MISC
CONFIRM |
secomea — gatemanager
|
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3 |
2021-02-16 |
not yet calculated |
CVE-2020-29022
MISC |
smartstorenet — smartstorenet
|
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account). |
2021-02-19 |
not yet calculated |
CVE-2020-27997
MISC
MISC |
| soar — cloud_system |
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands. |
2021-02-17 |
not yet calculated |
CVE-2021-22855
CONFIRM
MISC |
soar — cloud_system
|
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work. |
2021-02-17 |
not yet calculated |
CVE-2021-22853
CONFIRM
MISC |
soar — cloud_system
|
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege. |
2021-02-17 |
not yet calculated |
CVE-2021-22854
CONFIRM
MISC |
steghide — steghide
|
steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data. |
2021-02-15 |
not yet calculated |
CVE-2021-27211
MISC
MISC
MISC |
sytech — xl_reporter
|
An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation. |
2021-02-19 |
not yet calculated |
CVE-2020-13549
MISC |
teachers_record_management_system — teachers_record_management_system
|
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in ‘searchteacher’ POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks. |
2021-02-15 |
not yet calculated |
CVE-2021-26822
MISC
MISC |
telsa — solarcity_solar_monitoring_gateway
|
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a “Use of Hard-coded Credentials” issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. |
2021-02-18 |
not yet calculated |
CVE-2020-9306
CONFIRM
MISC
MISC
MISC |
testes_de_codigo — testes_de_codigo
|
Mobile application “Testes de Codigo” 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters “isAdmin” and “isPremium” located on device storage. |
2021-02-16 |
not yet calculated |
CVE-2021-25648
MISC |
three — three
|
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require(‘three’) function build_blank (n) { var ret = “rgb(” for (var i = 0; i < n; i++) { ret += ” ” } return ret + “”; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() – time; console.log(time_cost+” ms”) |
2021-02-18 |
not yet calculated |
CVE-2020-28496
MISC
MISC
MISC
MISC |
traefik — traefik
|
Traefik before 2.4.5 allows the loading of IFRAME elements from other domains. |
2021-02-18 |
not yet calculated |
CVE-2021-27375
MISC
CONFIRM |
uap-core — uap-core
|
uap-core in an open-source npm package which contains the core of BrowserScope’s original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes. |
2021-02-16 |
not yet calculated |
CVE-2021-21317
MISC
CONFIRM
MISC |
uprism — uprism
|
A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL. |
2021-02-17 |
not yet calculated |
CVE-2020-7849
MISC |
vertigis — weboffice
|
VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve “Zugriff auf Inhalte der WebOffice Applikation.” |
2021-02-17 |
not yet calculated |
CVE-2021-27374
MISC
MISC |
visualware — myconnection_server
|
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. |
2021-02-19 |
not yet calculated |
CVE-2021-27509
MISC |
voloko– twitter-stream
|
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused). |
2021-02-19 |
not yet calculated |
CVE-2020-24392
MISC
MISC |
voloko– twitter-stream
|
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack. |
2021-02-19 |
not yet calculated |
CVE-2020-24393
MISC
MISC |
webware — webdesktop
|
SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server. |
2021-02-19 |
not yet calculated |
CVE-2021-3204
MISC |
wireshark — wireshark
|
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file |
2021-02-17 |
not yet calculated |
CVE-2021-22174
CONFIRM
MISC
MISC |
wireshark — wireshark
|
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file |
2021-02-17 |
not yet calculated |
CVE-2021-22173
CONFIRM
MISC
MISC |
xen — xen
|
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565. |
2021-02-18 |
not yet calculated |
CVE-2021-27379
MISC |
| yeastar — neogate_devices |
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key. |
2021-02-19 |
not yet calculated |
CVE-2021-27328
MISC
MISC |
zoho — manageengine_adselfservice_plus
|
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. |
2021-02-19 |
not yet calculated |
CVE-2021-27214
MISC
MISC |
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments