Security Bulletin 23 Jun 2021

Published on 23 Jun 2021

Updated on 25 Jun 2021

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabulated by severity, in accordance with their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2020-6364 SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability. 10 https://nvd.nist.gov/vuln/detail/CVE-2020-6364
CVE-2020-14871 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). 10 https://nvd.nist.gov/vuln/detail/CVE-2020-14871
CVE-2020-26829 SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely. 10 https://nvd.nist.gov/vuln/detail/CVE-2020-26829
CVE-2020-4561 IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903. 10 https://nvd.nist.gov/vuln/detail/CVE-2020-4561
CVE-2021-32671 Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input fields and have this execute on client browsers. The example which led to the discovery of this vulnerability was in the forum search box. Entering faux-malicious HTML markup, such as --redacted-- resulted in an alert box appearing on the forum. This attack could also be modified to perform AJAX requests on behalf of a user, possibly deleting discussions, modifying their settings or profile, or even modifying settings on the Admin panel if the attack was targeted towards a privileged user. All Flarum communities that run flarum v1.0.0 or v1.0.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.0.2. All communities running Flarum v1.0 have to upgrade as soon as possible to v1.0.2. 10 https://nvd.nist.gov/vuln/detail/CVE-2021-32671
CVE-2021-25387 An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. 10 https://nvd.nist.gov/vuln/detail/CVE-2021-25387
CVE-2021-21345 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21345
CVE-2016-4464 The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-4464
CVE-2017-5941 An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-5941
CVE-2017-6558 iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-6558
CVE-2015-0936 Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2015-0936
CVE-2017-11435 The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-11435
CVE-2012-0803 The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2012-0803
CVE-2017-12816 In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-12816
CVE-2017-14244 An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-14244
CVE-2017-12629 Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-12629
CVE-2018-11560 The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-11560
CVE-2018-12640 The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-12640
CVE-2017-18377 An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-18377
CVE-2019-12405 Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-12405
CVE-2019-12419 Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-12419
CVE-2019-18805 An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18805
CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17571
CVE-2020-6207 SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6207
CVE-2020-6994 A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6994
CVE-2020-15371 Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15371
CVE-2020-15373 Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15373
CVE-2020-15374 Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15374
CVE-2019-17640 In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly process backslashes on Windows operating systems, allowing escape from the webroot folder to the current working directory. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17640
CVE-2019-7198 This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero: QuTS hero h4.5.1.1472 build 20201031 and later; QTS 4.5.1.1456 build 20201015 and later; QTS 4.4.3.1354 build 20200702 and later. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-7198
CVE-2020-28653 Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28653
CVE-2021-27804 JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27804
CVE-2021-27905 The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27905
CVE-2020-2509 A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later; QTS 4.5.1.1495 Build 20201123 and later; QTS 4.3.6.1620 Build 20210322 and later; QTS 4.3.4.1632 Build 20210324 and later; QTS 4.3.3.1624 Build 20210416 and later; QTS 4.2.6 Build 20210327 and later; QuTS hero h4.5.1.1491 build 20201119 and later. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2509
CVE-2021-23383 The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23383
CVE-2021-29921 In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29921
CVE-2021-30473 aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30473
CVE-2021-32090 The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32090
CVE-2021-32305 WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32305
CVE-2021-30475 aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30475
CVE-2021-32198 EmTec ZOC before 8.02.2 allows \\e[201~ pastes. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32198
CVE-2021-20698 Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in an HTTP request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20698
CVE-2021-20699 Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it) allows an attacker to cause a buffer overflow and execute remote code by sending long parameters that contain specific characters in an HTTP request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20699
CVE-2021-32673 reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compared with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allows remote attackers to execute arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32673
CVE-2021-31962 Kerberos AppContainer Security Feature Bypass Vulnerability 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31962
CVE-2020-11176 While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11176
CVE-2021-33841 SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33841
CVE-2021-23853 In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23853
CVE-2021-33357 A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33357
CVE-2021-33833 ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33833
CVE-2021-26691 In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26691
CVE-2021-25948 Prototype pollution vulnerability in ‘expand-hash’ versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25948
CVE-2021-25949 Prototype pollution vulnerability in ‘set-getter’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25949
CVE-2020-23303 There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-23303
CVE-2020-23306 There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-23306
CVE-2020-23321 There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-23321
CVE-2020-23323 There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-23323
CVE-2021-3013 ripgrep before 13 allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3013
CVE-2021-25383 An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25383
CVE-2021-22175 When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22175
CVE-2021-23394 The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23394
CVE-2021-0324 Product: Android; Versions: Android SoC; Android ID: A-175402462 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0324
CVE-2020-29214 SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29214
CVE-2020-7864 Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code. This issue affects: Raonwiz DEXT5Editor versions prior to 3.5.1405747.1100.03. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7864
CVE-2021-33622 Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33622
CVE-2020-9493 A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9493
CVE-2020-22198 SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22198
CVE-2020-35760 bloofoxCMS 0.5.2.1 is affected by Unrestricted File Upload that allows attackers to upload malicious files (e.g. PHP files). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35760
CVE-2020-22199 SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22199
CVE-2020-22203 SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22203
CVE-2020-22204 SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22204
CVE-2020-22205 SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22205
CVE-2020-22206 SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22206
CVE-2020-22208 SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22208
CVE-2020-22209 SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22209
CVE-2020-22210 SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22210
CVE-2020-22211 SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22211
CVE-2020-22212 SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22212
CVE-2020-25414 A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25414
CVE-2021-21669 Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21669
CVE-2021-33576 An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33576
CVE-2021-21280 Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21280
CVE-2021-31272 SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31272
CVE-2021-31597 The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected. 9.4 https://nvd.nist.gov/vuln/detail/CVE-2021-31597
CVE-2018-15152 Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2018-15152
CVE-2020-26837 SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-26837
CVE-2021-26291 Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26291
CVE-2021-28860 In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS). 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-28860
CVE-2021-23847 A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23847
CVE-2021-24035 A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24035
CVE-2020-5003 IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-5003
CVE-2021-20093 A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20093

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2017-7852 D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-7852
CVE-2016-8202 A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2016-8202
CVE-2017-7661 Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-7661
CVE-2017-7662 Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-7662
CVE-2017-12631 Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a security context that is set up using a malicious client's roles for the given enduser. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-12631
CVE-2018-13031 DamiCMS v6.0.0 and 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-13031
CVE-2020-15369 Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15369
CVE-2021-22112 Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22112
CVE-2021-21480 SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by Users having at least SAP_XMII_Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21480
CVE-2021-22191 Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22191
CVE-2021-28664 The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28664
CVE-2021-31181 Microsoft SharePoint Remote Code Execution Vulnerability 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31181
CVE-2020-36197 An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; versions prior to 5.3.16 on QuTScloud c4.5.4. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36197
CVE-2020-4520 IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-4520
CVE-2021-24311 The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads via any authenticated users. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24311
CVE-2021-32924 Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32924
CVE-2021-27657 Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27657
CVE-2021-32674 Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.21 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32674
CVE-2021-31342 The ugeom2d.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lacks proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31342
CVE-2021-31343 The jutil.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lacks proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the end of an allocation structure. An attacker could leverage this vulnerability to execute code in the context of the current process. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31343
CVE-2021-20731 WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20731
CVE-2020-11256 Memory corruption due to lack of check of validation of pointer to buffer passed to trustzone in Snapdragon Wired Infrastructure and Networking 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11256
CVE-2020-11257 Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and Networking 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11257
CVE-2020-11258 Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11258
CVE-2020-11259 Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11259
CVE-2021-33842 Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33842
CVE-2021-29995 A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29995
CVE-2021-33356 Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33356
CVE-2021-33358 Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33358
CVE-2021-0070 Improper input validation in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0070
CVE-2021-0101 Buffer overflow in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0101
CVE-2021-33894 In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021.x before 2021.0.1 (13.0.1), a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33894
CVE-2021-33393 lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33393
CVE-2021-31928 Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31928
CVE-2021-26195 An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26195
CVE-2021-28814 An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28814
CVE-2021-26828 OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26828
CVE-2021-33205 Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33205
CVE-2021-26995 E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26995
CVE-2021-25424 Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25424
CVE-2021-29754 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29754
CVE-2020-13663 Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13663
CVE-2021-23140 Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23140
CVE-2021-24347 The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP". 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24347
CVE-2021-24352 The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24352
CVE-2021-24353 The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24353
CVE-2021-24354 A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24354
CVE-2021-24356 In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24356
CVE-2021-34128 LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34128
CVE-2021-30544 Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30544
CVE-2021-30545 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30545
CVE-2021-30546 Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30546
CVE-2021-30547 Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30547
CVE-2021-30548 Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30548
CVE-2021-30549 Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30549
CVE-2021-30550 Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30550
CVE-2021-30551 Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30551
CVE-2021-30552 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30552
CVE-2021-30553 Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30553
CVE-2021-27489 In ZOLL Defibrillator Dashboard versions prior to 2.2, the web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27489
CVE-2020-22201 phpCMS 2008 sp4 allows remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22201
CVE-2020-36388 In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36388
CVE-2021-0507 In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-181860042 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0507
CVE-2021-22214 When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 could be exploited by an unauthenticated attacker, even on a GitLab instance where registration is limited. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-22214
CVE-2021-30465 runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30465
CVE-2020-11260 An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile 8.4 https://nvd.nist.gov/vuln/detail/CVE-2020-11260
CVE-2020-4300 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2020-4300
CVE-2021-3546 A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-3546
CVE-2018-8039 It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2018-8039
CVE-2019-6531 An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2019-6531
CVE-2020-26830 SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, and deploy a malicious User Experience Monitoring script. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-26830
CVE-2021-20305 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20305
CVE-2021-32660 Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of `@backstage/techdocs-common` prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user into visiting the content via the TechDocs API, the content sanitization will be bypassed. If the TechDocs API is hosted on the same origin as the Backstage app or other backend plugins, this may give access to sensitive data. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. The vulnerability is patched in the `0.6.4` release of `@backstage/techdocs-common`. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32660
CVE-2021-0133 Key exchange without entity authentication in the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-0133
CVE-2021-22901 curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22901
CVE-2021-23205 Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23205
CVE-2021-34129 LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-34129
CVE-2021-34551 PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-34551
CVE-2016-8709 A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-8709
CVE-2016-8713 A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-8713
CVE-2020-27402 The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27402
CVE-2020-26155 Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0 are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26155
CVE-2021-28927 The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially crafted file and directory names. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28927
CVE-2020-35519 An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35519
CVE-2021-22118 In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22118
CVE-2021-27032 Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration and take ownership of the service. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27032
CVE-2010-3843 The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2010-3843
CVE-2021-1526 A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1526
CVE-2020-36385 An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36385
CVE-2020-36387 An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36387
CVE-2021-22548 An attacker can change the pointer to untrusted memory to point to a trusted memory region, which causes trusted memory to be copied to trusted memory; if the latter is later copied out, this allows memory regions in the trusted region to be read. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22548
CVE-2021-22549 An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22549
CVE-2021-22550 An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22550
CVE-2021-27387 A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27399. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12819) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27387
CVE-2021-27390 A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27390
CVE-2021-27399 A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27387. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12820) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27399
CVE-2020-11261 Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11261
CVE-2020-11267 Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11267
CVE-2020-11306 Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11306
CVE-2021-31837 Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31837
CVE-2021-33669 Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For successful exploitation, user interaction from another user is required, and it could lead to complete impact on confidentiality, integrity and availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33669
CVE-2020-27384 The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full Control) for the 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27384
CVE-2020-12360 Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12360
CVE-2020-27383 Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exists due to a weak set of permissions being granted to the "Authenticated Users Group", which grants the (F) flag, aka "Full Control". 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27383
CVE-2021-0056 Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0056
CVE-2021-0057 Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0057
CVE-2021-0058 Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0058
CVE-2021-0100 Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0100
CVE-2021-0102 Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0102
CVE-2021-25322 A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25322
CVE-2021-23023 On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23023
CVE-2021-25682 It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25682
CVE-2021-25683 It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25683
CVE-2021-25684 It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25684
CVE-2021-25400 Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25400
CVE-2021-25401 Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25401
CVE-2021-25407 A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25407
CVE-2021-25408 A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25408
CVE-2021-25412 An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25412
CVE-2021-25414 Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25414
CVE-2021-25418 Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25418
CVE-2021-21808 A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21808
CVE-2021-21824 An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21824
CVE-2021-31478 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12633. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31478
CVE-2021-31479 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12634. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31479
CVE-2021-31480 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12654. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31480
CVE-2021-31481 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SLDPRT files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12659. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31481
CVE-2021-31482 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12708. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31482
CVE-2021-31483 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12709. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31483
CVE-2021-31484 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12710. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31484
CVE-2021-31485 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12711. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31485
CVE-2021-31486 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12712. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31486
CVE-2021-31487 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31487
CVE-2021-31488 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12716. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31488
CVE-2021-31489 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12717. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31489
CVE-2021-31490 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12718. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31490
CVE-2021-31491 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12719. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31491
CVE-2021-31492 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12720. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31492
CVE-2021-31493 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31493
CVE-2021-31494 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31494
CVE-2021-31495 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31495
CVE-2021-31496 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13308. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31496
CVE-2021-31497 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31497
CVE-2021-31499 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31499
CVE-2021-31500 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31500
CVE-2021-27483 ZOLL Defibrillator Dashboard, versions prior to 2.2. The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27483
CVE-2021-34803 TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34803
CVE-2021-32946 An improper check for unusual or exceptional conditions issue exists within the parsing of DGN files in the Drawings SDK (Version 2022.4 and prior), resulting from the lack of proper validation of user-supplied data. This may result in several out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32946
CVE-2021-32936 An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32936
CVE-2021-32944 A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32944
CVE-2021-32948 An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32948
CVE-2021-32952 An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32952
CVE-2021-0478 In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-169255797 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0478
CVE-2021-0505 In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179975048 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0505
CVE-2017-5656 Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-5656
CVE-2015-5175 Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-5175
CVE-2017-7670 The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-7670
CVE-2016-8739 The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-8739
CVE-2017-3156 The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-3156
CVE-2017-12817 In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-12817
CVE-2018-8038 Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-8038
CVE-2019-19603 SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19603
CVE-2017-18640 The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-18640
CVE-2019-19889 An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19889
CVE-2019-19890 An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19890
CVE-2019-12423 Apache CXF ships with an OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifying the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However, it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.keystore.type" to "jwk". For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-12423
CVE-2019-16203 Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-16203
CVE-2019-16204 Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-16204
CVE-2020-11946 Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11946
CVE-2020-1967 Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1967
CVE-2020-12116 Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12116
CVE-2020-13818 In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13818
CVE-2020-11979 As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11979
CVE-2020-25649 A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25649
CVE-2020-36226 A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36226
CVE-2021-26117 The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error, resulting in no check on the password. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26117
CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23840
CVE-2021-22173 Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22173
CVE-2021-22174 Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22174
CVE-2021-22883 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22883
CVE-2021-22884 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22884
CVE-2021-22696 CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https") and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDoS attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22696
CVE-2021-31542 In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31542
CVE-2020-20178 Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, it will result in an exception. Attackers can make attacks by creating a series of account addresses. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20178
CVE-2021-33038 An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33038
CVE-2021-33506 jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33506
CVE-2019-4723 IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-4723
CVE-2019-4724 IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-4724
CVE-2020-14380 An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14380
CVE-2021-31701 Mintty before 3.4.7 mishandles Bracketed Paste Mode. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31701
CVE-2021-22116 RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22116
CVE-2020-26515 An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26515
CVE-2021-33175 EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33175
CVE-2021-33176 VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33176
CVE-2021-33203 Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33203
CVE-2021-33571 In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+.) 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33571
CVE-2021-31340 A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions), SIMATIC RF615R (All versions > V3.0), SIMATIC RF680R (All versions > V3.0), SIMATIC RF685R (All versions > V3.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31340
CVE-2021-1937 Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1937
CVE-2021-33668 Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33668
CVE-2021-27607 SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27607
CVE-2021-27628 SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27628
CVE-2020-15383 Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15383
CVE-2020-15379 Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data as name for custom field name. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15379
CVE-2021-33359 A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33359
CVE-2020-13950 Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13950
CVE-2021-26690 Apache HTTP Server versions 2.4.0 to 2.4.46: a specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial of Service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26690
CVE-2021-31538 LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31538
CVE-2021-34555 OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34555
CVE-2020-23308 There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23308
CVE-2020-23309 There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23309
CVE-2020-23310 There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23310
CVE-2020-23311 There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23311
CVE-2020-23312 There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23312
CVE-2020-23313 There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23313
CVE-2020-23314 There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23314
CVE-2020-23319 There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23319
CVE-2020-23322 There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23322
CVE-2021-26996 E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26996
CVE-2021-25417 Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25417
CVE-2021-20591 Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20591
CVE-2021-22898 curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22898
CVE-2021-22902 The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22902
CVE-2021-22904 The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22904
CVE-2021-32932 The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32932
CVE-2021-34679 Thycotic Password Reset Server before 5.3.0 allows credential disclosure. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34679
CVE-2021-20094 A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20094
CVE-2021-33813 An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33813
CVE-2021-27485 ZOLL Defibrillator Dashboard, v prior to 2.2. The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27485
CVE-2020-24939 Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24939
CVE-2021-20566 IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20566
CVE-2021-32582 An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32582
CVE-2021-34825 Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34825
CVE-2021-21279 Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21279
CVE-2021-31660 RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31660
CVE-2021-31661 RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31661
CVE-2021-31662 RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31662
CVE-2021-31663 RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31663
CVE-2021-31664 RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31664
CVE-2021-33185 SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33185
CVE-2021-33186 SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33186
CVE-2021-3450 The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3450
CVE-2021-32923 HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-32923
CVE-2021-29504 WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI itself. The vulnerability stems from the fact that the default behavior of `WP_CLI\Utils\http_request()` when encountering a TLS handshake error is to disable certificate validation and retry the same request. The default behavior has been changed with version 2.5.0 of WP-CLI and the `wp-cli/wp-cli` framework (via https://github.com/wp-cli/wp-cli/pull/5523) so that the `WP_CLI\Utils\http_request()` method accepts an `$insecure` option that is `false` by default and consequently that a TLS handshake failure is a hard error by default. This new default is a breaking change and ripples through to all consumers of `WP_CLI\Utils\http_request()`, including those in separate WP-CLI bundled or third-party packages. https://github.com/wp-cli/wp-cli/pull/5523 has also added an `--insecure` flag to the `cli update` command to counter this breaking change. There is no direct workaround for the default insecure behavior of `wp-cli/wp-cli` versions before 2.5.0. The workaround for dealing with the breaking change in the commands directly affected by the new secure default behavior is to add the `--insecure` flag to manually opt-in to the previous insecure behavior. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-29504
CVE-2021-22212 ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-22212
CVE-2020-14359 A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14359
CVE-2021-32661 Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (`@backstage/plugin-techdocs`) prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an `object` element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. The vulnerability is patched in the `0.9.5` release of `@backstage/plugin-techdocs`. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32661
CVE-2020-8702 Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-8702
CVE-2021-0108 Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-0108
CVE-2021-0112 Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-0112
CVE-2020-35452 Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-35452
CVE-2021-31840 A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31840
CVE-2021-0506 In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-181962311 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-0506
CVE-2019-0193 In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2019-0193
CVE-2021-21414 Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the `@prisma/sdk` package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the `getPackedPackage` function and this function is not advertised and only used for tests & building our CLI, no malicious code was found after checking our codebase. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-21414
CVE-2021-28811 If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-28811
CVE-2020-15382 Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-15382
CVE-2021-34539 An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-34539
CVE-2021-20081 Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-20081
CVE-2021-21736 A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-21736
CVE-2021-3040 An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-3040
CVE-2021-24348 The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users, takes the did GET parameter and uses it in an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-24348
CVE-2020-20444 Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to an RCE vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-20444
CVE-2021-29491 Mixme is a library for recursive merging of Javascript objects. In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS). The problem is corrected starting with version 0.5.1; no workarounds are known to exist. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29491
CVE-2021-3501 A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3501
CVE-2019-4730 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2019-4730
CVE-2021-23391 This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23391
CVE-2020-11304 Possible out of bound read in DRM due to improper buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11304
CVE-2021-25388 Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25388
CVE-2021-25399 Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25399
CVE-2021-25410 Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25410
CVE-2021-32938 Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32938
CVE-2021-32940 An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32940
CVE-2021-32950 An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32950
CVE-2021-32078 An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32078
CVE-2021-29706 IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29706
CVE-2021-32399 net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-32399
CVE-2020-1742 An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-1742
CVE-2020-11262 A race between command submission and destroying the context can cause an invalid context to be added to the list, leading to a use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-11262
CVE-2020-11298 While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HLOS Invoke Call to secure kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 7 https://nvd.nist.gov/vuln/detail/CVE-2020-11298
CVE-2021-1900 Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 7 https://nvd.nist.gov/vuln/detail/CVE-2021-1900
CVE-2021-0482 In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-173791720 7 https://nvd.nist.gov/vuln/detail/CVE-2021-0482
CVE-2021-0508 In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-176444154 7 https://nvd.nist.gov/vuln/detail/CVE-2021-0508
CVE-2018-20008 iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2018-20008
CVE-2020-12359 Insufficient control flow management in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12359
CVE-2020-24514 Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24514
CVE-2020-24515 Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24515
CVE-2021-34546 An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to file" feature. To accomplish this, the attacker can navigate to cmd.exe. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34546
CVE-2021-0467 In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-174490700 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0467
CVE-2019-0119 Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2019-0119
CVE-2020-15261 On Windows, the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in setups that are unsafe anyway. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-15261
CVE-2020-12357 Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-12357
CVE-2020-24509 Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-24509
CVE-2020-8700 Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8700
CVE-2021-25396 An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-25396
CVE-2021-28211 A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-28211
CVE-2021-3485 An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2021-3485
CVE-2021-31946 Paint 3D Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31945, CVE-2021-31983. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2021-31946
CVE-2021-24345 The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the id_lista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2021-24345
CVE-2016-4376 HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2016-4376
CVE-2017-6227 A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-6227
CVE-2018-15352 An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-15352
CVE-2018-12541 In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-12541
CVE-2019-14530 An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-14530
CVE-2019-12406 Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count". 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-12406
CVE-2020-13645 In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13645
CVE-2019-4471 IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-4471
CVE-2021-32662 Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for `docs_dir` in `mkdocs.yml`. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the `mkdocs.yml` in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the `0.6.3` release of `@backstage/techdocs-common`. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32662
CVE-2021-1564 Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1564
CVE-2020-1690 An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1690
CVE-2020-1750 A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. An attacker could use this flaw to deny access to schedule new pods in the OpenShift cluster. This was fixed in openshift/machine-config-operator 4.4.3, openshift/machine-config-operator 4.3.25, openshift/machine-config-operator 4.2.36. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1750
CVE-2020-28713 Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28713
CVE-2020-26136 In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26136
CVE-2021-26414 Windows DCOM Server Security Feature Bypass 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26414
CVE-2020-11266 Image address is dereferenced before validating its range which can cause potential QSEE information leakage in Snapdragon Wired Infrastructure and Networking 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11266
CVE-2021-34369 portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34369
CVE-2021-27635 SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise confidentiality by allowing them to read any file on the filesystem or fully compromise availability by causing the system to crash. The attack cannot be used to change any data so that there is no compromise as to integrity. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27635
CVE-2021-0097 Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0097
CVE-2021-0113 Out of bounds write in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0113
CVE-2021-0131 Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0131
CVE-2021-21735 A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21735
CVE-2021-26194 An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26194
CVE-2021-26197 An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26197
CVE-2021-26198 An issue was discovered in JerryScript 2.4.0. There is a SEGV in ecma_deref_bigint in ecma-helpers.c file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26198
CVE-2021-26199 An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26199
CVE-2021-26997 E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26997
CVE-2021-25406 Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows untrusted applications to access connected BT device information. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25406
CVE-2021-25416 Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25416
CVE-2021-25419 Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phishing URL link. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25419
CVE-2021-22181 A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22181
CVE-2021-22905 Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22905
CVE-2021-22906 Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22906
CVE-2021-22912 Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22912
CVE-2021-23136 Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23136
CVE-2021-23204 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23204
CVE-2021-24360 The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24360
CVE-2020-35759 bloofoxCMS 0.5.2.1 is vulnerable to a CSRF attack that leads to an attacker editing any file content (Locally/Remotely). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35759
CVE-2021-20483 IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20483
CVE-2021-20488 IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20488
CVE-2021-32575 HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32575
CVE-2020-18442 Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-18442
CVE-2021-0504 In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179162665 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0504
CVE-2020-8670 Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2020-8670
CVE-2021-25394 A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25394
CVE-2021-25395 A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25395
CVE-2020-1945 Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2020-1945
CVE-2018-0008 An unauthenticated root login may be allowed upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a "safe mode" authentication state. Lastly, only logging in physically to the console port as root, with no password, will work. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX; 12.3X48 versions prior to 12.3X48-D55 on SRX; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D40 on QFX, EX; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6; 15.1X49 versions prior to 15.1X49-D110 on SRX; 15.1X53 versions prior to 15.1X53-D232 on QFX5200/5110; 15.1X53 versions prior to 15.1X53-D49, 15.1X53-D470 on NFX; 15.1X53 versions prior to 15.1X53-D65 on QFX10K; 16.1 versions prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue. 6.2 https://nvd.nist.gov/vuln/detail/CVE-2018-0008
CVE-2016-6812 The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-6812
CVE-2017-6225 Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2017-6225
CVE-2018-12715 DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2018-12715
CVE-2019-17573 By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is typically not present in modern browsers, which remove dot segments before sending the request. However, mobile applications may be vulnerable. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-17573
CVE-2020-8430 Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-8430
CVE-2020-13954 By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-13954
CVE-2020-26836 SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL, leading to an Open Redirect vulnerability. An attacker can enter a link to a malicious site, which could trick the user into entering credentials or downloading malicious software, as a parameter in the application URL and share it with the end user, who could potentially become a victim of the attack. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-26836
CVE-2020-2494 This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later; QTS 4.5.1: Music Station 5.3.12 and later; QTS 4.4.3: Music Station 5.3.12 and later. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2494
CVE-2020-2495 If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later; QTS 4.5.1.1456 build 20201015 and later; QTS 4.4.3.1354 build 20200702 and later; QTS 4.3.6.1333 build 20200608 and later; QTS 4.3.4.1368 build 20200703 and later; QTS 4.3.3.1315 build 20200611 and later; QTS 4.2.6 build 20200611 and later. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2495
CVE-2020-2496 If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later; QTS 4.5.1.1456 build 20201015 and later; QTS 4.4.3.1354 build 20200702 and later; QTS 4.3.6.1333 build 20200608 and later; QTS 4.3.4.1368 build 20200703 and later; QTS 4.3.3.1315 build 20200611 and later; QTS 4.2.6 build 20200611 and later. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2496
CVE-2020-2497 If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QNAP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later; QTS 4.5.1.1456 build 20201015 and later; QTS 4.4.3.1354 build 20200702 and later; QTS 4.3.6.1333 build 20200608 and later; QTS 4.3.4.1368 build 20200703 and later; QTS 4.3.3.1315 build 20200611 and later; QTS 4.2.6 build 20200611 and later. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2497
CVE-2020-2498 If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QNAP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later; QTS 4.5.1.1456 build 20201015 and later; QTS 4.4.3.1354 build 20200702 and later; QTS 4.3.6.1333 build 20200608 and later; QTS 4.3.4.1368 build 20200703 and later; QTS 4.3.3.1315 build 20200611 and later; QTS 4.2.6 build 20200611 and later. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2498
CVE-2018-19942 A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later); QTS 4.5.1.1456 build 20201015 (and later); QTS 4.3.6.1446 build 20200929 (and later); QTS 4.3.4.1463 build 20201006 (and later); QTS 4.3.3.1432 build 20201006 (and later); QTS 4.2.6 build 20210327 (and later); QuTS hero h4.5.1.1472 build 20201031 (and later); QuTScloud c4.5.4.1601 build 20210309 (and later); QuTScloud c4.5.3.1454 build 20201013 (and later). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2018-19942
CVE-2020-22789 Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-22789
CVE-2021-31879 GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-31879
CVE-2021-29484 Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site. Ghost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running a Ghost version between 4.0.0 and 4.3.2. Immediate action should be taken to secure your site. The issue has been fixed in 4.3.3; all 4.x sites should upgrade as soon as possible. As the endpoint is unused, the patch simply removes it. As a workaround, blocking access to /ghost/preview can also mitigate the issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29484
CVE-2021-32091 A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32091
CVE-2021-21990 VMware Workspace ONE UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16, 2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14, 2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contains a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment, leading to rendering of unsanitized input on the user device in response. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21990
CVE-2021-27612 In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to a specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27612
CVE-2021-32641 auth0-lock is Auth0's signin solution. Versions of auth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is incorporated into the `flashMessage` or the library's `languageDictionary` feature is utilized and user input or data from URL parameters is incorporated into the `languageDictionary`. The vulnerability is patched in version 11.30.1. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32641
CVE-2021-34370 Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-34370
CVE-2021-33666 When SAP Commerce Cloud version 100 hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33666
CVE-2021-23848 An error in the URL handler of Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23848
CVE-2021-23854 An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23854
CVE-2021-29049 Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29049
CVE-2019-25046 The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-25046
CVE-2021-20293 A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20293
CVE-2021-34540 Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-34540
CVE-2020-13688 Cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-13688
CVE-2021-25389 Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25389
CVE-2021-22903 The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22903
CVE-2021-24349 This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24349
CVE-2021-24350 The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24350
CVE-2021-24351 The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users) 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24351
CVE-2021-24358 The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24358
CVE-2020-21316 A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and steal administrator cookies via the nickname parameter and gain access to the admin panel. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-21316
CVE-2021-3535 Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3535
CVE-2021-1395 A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-1395
CVE-2020-35373 In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-35373
CVE-2021-33557 An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33557
CVE-2021-26835 No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26835
CVE-2021-28833 Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-28833
CVE-2019-25047 Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-25047
CVE-2020-21517 Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-21517
CVE-2020-21130 Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-21130
CVE-2021-32015 In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update. 6 https://nvd.nist.gov/vuln/detail/CVE-2021-32015
CVE-2018-0034 A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receive IPv6 DHCP packets on a system configured for DHCP processing using the JDHCPD daemon. This issue does not affect IPv4 DHCP packet processing. Affected releases are Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S10 on EX Series; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200; 15.1X53 versions prior to 15.1X53-D471 on NFX 150, NFX 250; 16.1 versions prior to 16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2018-0034
CVE-2011-2487 The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2011-2487
CVE-2020-6369 SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator. This may impact the confidentiality of the service. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-6369
CVE-2019-25013 The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2019-25013
CVE-2021-2011 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-2011
CVE-2021-23336 The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-23336
CVE-2021-23841 The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-23841
CVE-2021-21295 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1, this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final. As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21295
CVE-2021-3449 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-3449
CVE-2021-21409 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295, which missed fixing this one case. This was fixed as part of 4.1.61.Final. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21409
CVE-2021-32921 An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-32921
CVE-2020-15522 Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-15522
CVE-2021-31525 net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-31525
CVE-2021-33880 The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-33880
CVE-2021-20732 The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2) does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on encrypted communication via a crafted certificate. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-20732
CVE-2021-27626 SAP Internet Graphics Service, versions - 7.20, 7.20EXT, 7.53, 7.20_EX2, 7.81, allows an unauthenticated attacker, after retrieving an existing system state value, to submit a malicious IGS request over a network which, due to insufficient input validation in method CMiniXMLParser::Parse(), will trigger an internal memory corruption error in the system, causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-27626
CVE-2021-22895 Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-22895
CVE-2020-17522 When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN architecture. 5.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17522
CVE-2021-0129 Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-0129
CVE-2016-4570 The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2016-4570
CVE-2016-4571 The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2016-4571
CVE-2017-12624 Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size". 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-12624
CVE-2018-6433 A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2018-6433
CVE-2020-9489 A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9489
CVE-2020-13631 SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13631
CVE-2020-15372 A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15372
CVE-2020-15250 In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15250
CVE-2021-21290 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case for netty's "AbstractDiskHttpData", which is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify one's own "java.io.tmpdir" when starting the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21290
CVE-2021-20227 A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20227
CVE-2021-28168 Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28168
CVE-2021-32613 In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32613
CVE-2021-3564 A double-free memory corruption flaw in the Linux kernel HCI device initialization subsystem was found in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3564
CVE-2020-11265 Information disclosure issue due to lack of validation of pointer arguments passed to TZ BSP in Snapdragon Wired Infrastructure and Networking 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11265
CVE-2021-26313 Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26313
CVE-2021-26314 Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26314
CVE-2021-3532 A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3532
CVE-2021-32942 The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32942
CVE-2020-13938 Apache HTTP Server versions 2.4.0 to 2.4.46: unprivileged local users can stop httpd on Windows. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13938
CVE-2020-25467 A null pointer dereference was discovered in lzo_decompress_buf in stream.c in lrzip 0.621 which allows an attacker to cause a denial of service (DoS) via a crafted compressed file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25467
CVE-2021-27345 A null pointer dereference was discovered in ucompthread in stream.c in lrzip 0.631 which allows attackers to cause a denial of service (DoS) via a crafted compressed file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27345
CVE-2021-27347 Use after free in lzma_decompress_buf function in stream.c in lrzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27347
CVE-2021-25392 Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25392
CVE-2021-25393 Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25393
CVE-2021-25397 An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25397
CVE-2021-25405 An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25405
CVE-2021-25413 Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25413
CVE-2021-25415 Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25415
CVE-2021-25420 Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25420
CVE-2021-25421 Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25421
CVE-2021-25422 Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25422
CVE-2021-25423 Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25423
CVE-2021-32553 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32553
CVE-2021-32554 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32554
CVE-2021-32555 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32555
CVE-2021-34693 net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34693
CVE-2021-27481 ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27481
CVE-2021-27487 ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27487
CVE-2018-6447 A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2018-6447
CVE-2020-22790 Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute code by injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator accesses the logs. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-22790
CVE-2021-29489 Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-29489
CVE-2021-24247 The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24247
CVE-2021-3504 A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3504
CVE-2021-33570 Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-33570
CVE-2019-4653 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2019-4653
CVE-2020-4354 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-4354
CVE-2020-1719 A flaw was found in wildfly. The EJBContext principal is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-1719
CVE-2021-27615 SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting (XSS) attacks. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-27615
CVE-2021-33664 SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-33664
CVE-2021-33665 SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-33665
CVE-2020-24662 SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-24662
CVE-2021-23393 This affects the package Flask-Unchained before 0.9.0. When using the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\\\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-23393
CVE-2021-26829 OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-26829
CVE-2021-24346 The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24346
CVE-2021-24357 In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24357
CVE-2021-24382 The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24382
CVE-2021-27887 Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-27887
CVE-2020-29215 A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-29215
CVE-2020-5000 IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-5000
CVE-2021-27479 ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-27479
CVE-2021-21667 Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21667
CVE-2021-21668 Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21668
CVE-2020-35761 bloofoxCMS 0.5.2.1 is affected by XSS that allows remote attackers to execute arbitrary JS/HTML code. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-35761
CVE-2021-32244 Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-32244
CVE-2021-31521 Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-31521
CVE-2020-19202 An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-19202
CVE-2021-33347 An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of a weak password, the stored XSS vulnerability can occur. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-33347
CVE-2021-26834 A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-26834
CVE-2016-9339 An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2016-9339
CVE-2017-5653 JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2017-5653
CVE-2015-1857 The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2015-1857
CVE-2018-17178 An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2018-17178
CVE-2020-1954 Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-1954
CVE-2020-14550 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14550
CVE-2020-26809 SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-26809
CVE-2020-26811 SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-26811
CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-13956
CVE-2021-2006 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-2006
CVE-2020-29582 In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-29582
CVE-2021-29425 In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\\\..\\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29425
CVE-2021-1499 A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-1499
CVE-2021-32917 An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32917
CVE-2021-29621 Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29621
CVE-2021-33896 Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-33896
CVE-2021-30357 SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-30357
CVE-2021-33190 In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed. Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.1. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-33190
CVE-2020-26138 In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-26138
CVE-2021-21559 Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21559
CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-28169
CVE-2020-15386 Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15386
CVE-2019-17567 Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-17567
CVE-2021-30641 Apache HTTP Server versions 2.4.39 to 2.4.46: unexpected matching behavior with 'MergeSlashes OFF'. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-30641
CVE-2021-26993 E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26993
CVE-2021-25425 Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25425
CVE-2021-22749 A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22749
CVE-2021-22897 curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22897
CVE-2021-24359 The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24359
CVE-2020-22200 Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-22200
CVE-2021-33577 An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-33577
CVE-2021-27621 Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-27621
CVE-2021-23852 An authenticated attacker with administrator rights on Bosch IP cameras can call a URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-23852
CVE-2021-0132 Missing release of resource after effective lifetime in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-0132
CVE-2021-0134 Improper input validation in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-0134
CVE-2020-25817 SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25817
CVE-2021-31832 Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31832
CVE-2021-34815 CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34815
CVE-2019-2219 In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-119041698. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2019-2219
CVE-2021-32658 Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that the Nextcloud Android App is upgraded to 3.16.1. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2021-32658
CVE-2021-27637 Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2021-27637
CVE-2021-34557 XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2021-34557
CVE-2021-26563 Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-26563
CVE-2021-21558 Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21558
CVE-2020-12358 Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2020-12358
CVE-2021-0095 Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-0095
CVE-2021-25411 Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25411
CVE-2021-23182 Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-23182
CVE-2021-23211 Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-23211
CVE-2021-20567 IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption. IBM X-Force ID: 199239. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20567
CVE-2015-6479 ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2015-6479
CVE-2020-29445 Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-29445
CVE-2019-4722 IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-4722
CVE-2021-32651 OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The specific payload depends on how the User Search Filter property is configured in OneDev. This issue was fixed in version 4.4.2. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32651
CVE-2021-20730 Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20730
CVE-2021-31929 Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31929
CVE-2021-31927 An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31927
CVE-2021-34547 PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-34547
CVE-2021-22769 A CWE-269: Improper Privilege Management vulnerability exists in Enerlin’X Com’X versions prior to V6.8.4 that could cause disclosure of device configuration information to any authenticated user when a specially crafted request is sent to the device. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22769
CVE-2021-22896 Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22896
CVE-2021-23230 A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23230
CVE-2021-24355 In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24355
CVE-2021-31818 Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31818
CVE-2020-36389 In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-36389
CVE-2021-34553 Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-34553
CVE-2021-2010 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L). 4.2 https://nvd.nist.gov/vuln/detail/CVE-2021-2010
CVE-2021-33881 On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc. 4.2 https://nvd.nist.gov/vuln/detail/CVE-2021-33881
CVE-2021-2173 Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). 4.1 https://nvd.nist.gov/vuln/detail/CVE-2021-2173
CVE-2021-25390 Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. 4 https://nvd.nist.gov/vuln/detail/CVE-2021-25390
CVE-2021-25391 Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. 4 https://nvd.nist.gov/vuln/detail/CVE-2021-25391
CVE-2020-9488 Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2020-9488
CVE-2021-2007 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-2007
CVE-2021-23839 OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such a server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list). OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-23839
CVE-2014-3566 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. 3.4 https://nvd.nist.gov/vuln/detail/CVE-2014-3566
CVE-2020-11867 Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-11867
CVE-2020-8908 A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-8908
CVE-2021-3588 The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3588
CVE-2021-20396 IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20396
CVE-2021-25398 Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25398
CVE-2021-25402 Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access S Pen latency information. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25402
CVE-2021-25403 Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25403
CVE-2021-25404 Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25404
CVE-2021-31498 This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31498
CVE-2021-31501 This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31501
CVE-2021-33031 In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03. 3.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33031
CVE-2020-35762 bloofoxCMS 0.5.2.1 is affected by path traversal in the 'fileurl' parameter that allows attackers to read local files. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2020-35762
CVE-2021-22218 All versions of GitLab CE/EE starting with 12.8 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits. 2.6 https://nvd.nist.gov/vuln/detail/CVE-2021-22218
CVE-2021-3533 A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. 2.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3533
CVE-2018-17177 An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary. 2.4 https://nvd.nist.gov/vuln/detail/CVE-2018-17177
CVE-2021-25409 Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. 2.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25409
CVE-2021-20019 A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request; this can potentially lead to an internal sensitive data disclosure vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2021-20019
CVE-2004-1663 Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. https://nvd.nist.gov/vuln/detail/CVE-2004-1663
CVE-2004-0971 The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. https://nvd.nist.gov/vuln/detail/CVE-2004-0971
CVE-2005-2541 Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. https://nvd.nist.gov/vuln/detail/CVE-2005-2541
CVE-2006-4811 Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. https://nvd.nist.gov/vuln/detail/CVE-2006-4811
CVE-2008-5110 syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9. https://nvd.nist.gov/vuln/detail/CVE-2008-5110
CVE-2009-2700 src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. https://nvd.nist.gov/vuln/detail/CVE-2009-2700
CVE-2010-2076 Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632. https://nvd.nist.gov/vuln/detail/CVE-2010-2076
CVE-2010-4051 The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." https://nvd.nist.gov/vuln/detail/CVE-2010-4051
CVE-2011-3439 FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. https://nvd.nist.gov/vuln/detail/CVE-2011-3439
CVE-2011-5034 Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461. https://nvd.nist.gov/vuln/detail/CVE-2011-5034
CVE-2012-3451 Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body. https://nvd.nist.gov/vuln/detail/CVE-2012-3451
CVE-2011-1096 The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack." https://nvd.nist.gov/vuln/detail/CVE-2011-1096
CVE-2012-2379 Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors. https://nvd.nist.gov/vuln/detail/CVE-2012-2379
CVE-2012-2378 Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies. https://nvd.nist.gov/vuln/detail/CVE-2012-2378
CVE-2013-0254 The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. https://nvd.nist.gov/vuln/detail/CVE-2013-0254
CVE-2012-5624 The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. https://nvd.nist.gov/vuln/detail/CVE-2012-5624
CVE-2012-6093 The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. https://nvd.nist.gov/vuln/detail/CVE-2012-6093
CVE-2012-5633 The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. https://nvd.nist.gov/vuln/detail/CVE-2012-5633
CVE-2013-0239 Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. https://nvd.nist.gov/vuln/detail/CVE-2013-0239
CVE-2012-5575 Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." https://nvd.nist.gov/vuln/detail/CVE-2012-5575
CVE-2013-2160 The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors. https://nvd.nist.gov/vuln/detail/CVE-2013-2160
CVE-2013-4549 QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. https://nvd.nist.gov/vuln/detail/CVE-2013-4549
CVE-2014-0109 Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. https://nvd.nist.gov/vuln/detail/CVE-2014-0109
CVE-2014-0110 Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. https://nvd.nist.gov/vuln/detail/CVE-2014-0110
CVE-2014-0190 The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. https://nvd.nist.gov/vuln/detail/CVE-2014-0190
CVE-2014-0034 The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. https://nvd.nist.gov/vuln/detail/CVE-2014-0034
CVE-2014-0035 The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. https://nvd.nist.gov/vuln/detail/CVE-2014-0035
CVE-2014-3577 org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. https://nvd.nist.gov/vuln/detail/CVE-2014-3577
CVE-2014-3584 The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. https://nvd.nist.gov/vuln/detail/CVE-2014-3584
CVE-2014-3623 Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2014-3623
CVE-2015-1858 Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. https://nvd.nist.gov/vuln/detail/CVE-2015-1858
CVE-2015-5253 The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack." https://nvd.nist.gov/vuln/detail/CVE-2015-5253
CVE-2021-31957 ASP.NET Denial of Service Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2021-31957
CVE-2021-32677 FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json). A request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted. Requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. The browser will execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application. This is fixed in FastAPI 0.65.2. The request data is now parsed as JSON only if the content-type header is application/json or another JSON compatible media type like application/geo+json. It's best to upgrade to the latest FastAPI, but if updating is not possible then a middleware or a dependency that checks the content-type header and aborts the request if it is not application/json or another JSON compatible content type can act as a mitigating workaround. https://nvd.nist.gov/vuln/detail/CVE-2021-32677
CVE-2021-0086 Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. https://nvd.nist.gov/vuln/detail/CVE-2021-0086
CVE-2021-0089 Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. https://nvd.nist.gov/vuln/detail/CVE-2021-0089
CVE-2021-31618 Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions, an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, reliably crashing the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released. https://nvd.nist.gov/vuln/detail/CVE-2021-31618
CVE-2021-3592 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. https://nvd.nist.gov/vuln/detail/CVE-2021-3592
CVE-2021-3593 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. https://nvd.nist.gov/vuln/detail/CVE-2021-3593
CVE-2021-3594 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. https://nvd.nist.gov/vuln/detail/CVE-2021-3594
CVE-2021-3595 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. https://nvd.nist.gov/vuln/detail/CVE-2021-3595
CVE-2021-24037 A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. https://nvd.nist.gov/vuln/detail/CVE-2021-24037
CVE-2021-28857 TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. https://nvd.nist.gov/vuln/detail/CVE-2021-28857
CVE-2021-28858 TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2021-28858
CVE-2021-32623 Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using a single HTTP request. To exploit this, users need to have ingest privileges, limiting the group of potential attackers. The problem has been fixed in Opencast 9.6. There is no known workaround for this issue. https://nvd.nist.gov/vuln/detail/CVE-2021-32623
CVE-2021-32676 Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist. https://nvd.nist.gov/vuln/detail/CVE-2021-32676
CVE-2021-32685 tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-512 hash matching the SHA-512 hash of the message even if the signature was invalid. This issue is patched in version 7.0.3. As a workaround: In `tenvoy.js` under the `verifyWithMessage` method definition within the `tEnvoyNaClSigningKey` class, ensure that the return statement call to `this.verify` ends in `.verified`. https://nvd.nist.gov/vuln/detail/CVE-2021-32685
CVE-2021-28815 Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4. https://nvd.nist.gov/vuln/detail/CVE-2021-28815
CVE-2021-21441 There is an XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. The attack can be performed by sending a specially crafted e-mail to the system and it doesn't require any user interaction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions. https://nvd.nist.gov/vuln/detail/CVE-2021-21441
CVE-2021-28979 SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response, once the URL is clicked. https://nvd.nist.gov/vuln/detail/CVE-2021-28979
CVE-2021-30468 A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11. https://nvd.nist.gov/vuln/detail/CVE-2021-30468
CVE-2021-32033 Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token. https://nvd.nist.gov/vuln/detail/CVE-2021-32033
CVE-2021-32612 The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing. https://nvd.nist.gov/vuln/detail/CVE-2021-32612
CVE-2021-34683 An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page. https://nvd.nist.gov/vuln/detail/CVE-2021-34683
CVE-2021-31159 Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. https://nvd.nist.gov/vuln/detail/CVE-2021-31159
CVE-2021-31857 In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. https://nvd.nist.gov/vuln/detail/CVE-2021-31857
CVE-2021-32928 The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947. https://nvd.nist.gov/vuln/detail/CVE-2021-32928
CVE-2020-8299 Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance. https://nvd.nist.gov/vuln/detail/CVE-2020-8299
CVE-2020-8300 Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible. https://nvd.nist.gov/vuln/detail/CVE-2020-8300
CVE-2021-22914 Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by a malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer. https://nvd.nist.gov/vuln/detail/CVE-2021-22914
CVE-2021-27610 SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. https://nvd.nist.gov/vuln/detail/CVE-2021-27610
CVE-2021-34801 Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. https://nvd.nist.gov/vuln/detail/CVE-2021-34801
CVE-2020-27339 An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in system management mode calls a function outside of SMRAM in response to a crafted software SMI, aka Inclusion of Functionality from an Untrusted Control Sphere. Modifying the well-known address of this function allows an attacker to gain control of the system with the privileges of system management mode. https://nvd.nist.gov/vuln/detail/CVE-2020-27339
CVE-2021-29702 Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. https://nvd.nist.gov/vuln/detail/CVE-2021-29702
CVE-2021-1524 A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition. https://nvd.nist.gov/vuln/detail/CVE-2021-1524
CVE-2021-1541 Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. https://nvd.nist.gov/vuln/detail/CVE-2021-1541
CVE-2021-1542 Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. https://nvd.nist.gov/vuln/detail/CVE-2021-1542
CVE-2021-1543 Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. https://nvd.nist.gov/vuln/detail/CVE-2021-1543
CVE-2021-1566 A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests. https://nvd.nist.gov/vuln/detail/CVE-2021-1566
CVE-2021-1567 A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. https://nvd.nist.gov/vuln/detail/CVE-2021-1567
CVE-2021-1568 A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system. https://nvd.nist.gov/vuln/detail/CVE-2021-1568
CVE-2021-1569 Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. https://nvd.nist.gov/vuln/detail/CVE-2021-1569
CVE-2021-1570 Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. https://nvd.nist.gov/vuln/detail/CVE-2021-1570
CVE-2021-1571 Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. https://nvd.nist.gov/vuln/detail/CVE-2021-1571
CVE-2021-34813 Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations. https://nvd.nist.gov/vuln/detail/CVE-2021-34813
CVE-2020-25752 An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords. https://nvd.nist.gov/vuln/detail/CVE-2020-25752
CVE-2020-25753 An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. https://nvd.nist.gov/vuln/detail/CVE-2020-25753
CVE-2020-25754 An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Attempts to change the user password via passwd or other tools have no effect. https://nvd.nist.gov/vuln/detail/CVE-2020-25754
CVE-2020-25755 An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-25755
CVE-2021-32659 Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance), any `m.room.tombstone` event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room `m.room.create` event is not checked to verify if the `predecessor` field contains the previous room. This means that any malicious admin of a bridged room can repoint the traffic to a different room without the new room being aware. Versions 2.6.1 and greater are patched. As a workaround, disabling the automatic room upgrade handling can be done by removing the `roomUpgradeOpts` key from the `Bridge` class options. https://nvd.nist.gov/vuln/detail/CVE-2021-32659
CVE-2021-34202 There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-34202
CVE-2021-34201 D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing process crashes or changes. https://nvd.nist.gov/vuln/detail/CVE-2021-34201
CVE-2021-34203 D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start the quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS, and conduct phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed. https://nvd.nist.gov/vuln/detail/CVE-2021-34203
CVE-2021-34204 D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use Linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-34204
CVE-2021-32243 FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). https://nvd.nist.gov/vuln/detail/CVE-2021-32243
CVE-2021-32245 In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that will point to http://localhost/pagekit/storage/exp.svg. When a user comes along to click that link, it will trigger an XSS attack. https://nvd.nist.gov/vuln/detail/CVE-2021-32245
CVE-2021-32690 Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the `index.yaml` file for that repository, one may look for another domain in the `urls` list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on. https://nvd.nist.gov/vuln/detail/CVE-2021-32690
CVE-2021-32691 Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages (such as giving and events). There is a patch in version 2.20.0. As a workaround, one can patch one's server by overriding the `create` data source method on the `People` class. https://nvd.nist.gov/vuln/detail/CVE-2021-32691
CVE-2021-31476 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531. https://nvd.nist.gov/vuln/detail/CVE-2021-31476
CVE-2021-31477 This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852. https://nvd.nist.gov/vuln/detail/CVE-2021-31477
CVE-2021-21777 An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read. https://nvd.nist.gov/vuln/detail/CVE-2021-21777
CVE-2021-0143 Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access. https://nvd.nist.gov/vuln/detail/CVE-2021-0143
CVE-2021-3603 PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names. https://nvd.nist.gov/vuln/detail/CVE-2021-3603
CVE-2013-20002 Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. https://nvd.nist.gov/vuln/detail/CVE-2013-20002
CVE-2021-23396 All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function. https://nvd.nist.gov/vuln/detail/CVE-2021-23396
CVE-2021-32681 Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`CharBlock`, `TextBlock` or a similar user-defined block derived from `FieldBlock`), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This could allow users to insert arbitrary HTML or scripting. This vulnerability is only exploitable by users with the ability to author StreamField content (i.e. users with 'editor' access to the Wagtail admin). Patched versions have been released as Wagtail 2.11.8 (for the LTS 2.11 branch), Wagtail 2.12.5, and Wagtail 2.13.2 (for the current 2.13 branch). As a workaround, site implementors who are unable to upgrade to a current supported version should audit their use of `{% include_block %}` to ensure it is not used to output `CharBlock` / `TextBlock` values with no associated template. Note that this only applies where `{% include_block %}` is used directly on that block (uses of `include_block` on a block _containing_ a CharBlock / TextBlock, such as a StructBlock, are unaffected). In these cases, the tag can be replaced with Django's `{{ ... }}` syntax - e.g. `{% include_block my_title_block %}` becomes `{{ my_title_block }}`. https://nvd.nist.gov/vuln/detail/CVE-2021-32681
CVE-2021-32695 Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1. https://nvd.nist.gov/vuln/detail/CVE-2021-32695
CVE-2021-32424 In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router. https://nvd.nist.gov/vuln/detail/CVE-2021-32424
CVE-2021-32426 In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. https://nvd.nist.gov/vuln/detail/CVE-2021-32426
CVE-2021-32694 Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device could crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1. https://nvd.nist.gov/vuln/detail/CVE-2021-32694
CVE-2021-32693 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. This could be abused when the application defines different providers for each part of the application; in such a situation, a user authenticated on a part of the application could be considered authenticated on the rest of the application. Starting in version 5.3.2, a patch ensures that the authenticated token is only available for the firewall that generates it. https://nvd.nist.gov/vuln/detail/CVE-2021-32693
CVE-2021-34808 Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-34808
CVE-2021-34809 Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-34809
CVE-2021-34810 Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-34810
CVE-2021-34811 Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-34811
CVE-2021-34812 Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-34812
CVE-2021-32536 The login page in the MCUsystem does not filter special characters, which allows remote attackers to inject JavaScript without privilege and thus perform reflected XSS attacks. https://nvd.nist.gov/vuln/detail/CVE-2021-32536
CVE-2021-21997 VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system. https://nvd.nist.gov/vuln/detail/CVE-2021-21997
CVE-2021-23845 This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN and B426-M, and has already been fixed starting from version 3.08, which was released in June 2019. https://nvd.nist.gov/vuln/detail/CVE-2021-23845
CVE-2021-23846 When using the HTTP protocol, the user password is transmitted as a clear-text parameter, which an attacker can obtain through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021. https://nvd.nist.gov/vuln/detail/CVE-2021-23846
CVE-2021-32954 Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. https://nvd.nist.gov/vuln/detail/CVE-2021-32954
CVE-2021-32956 Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. https://nvd.nist.gov/vuln/detail/CVE-2021-32956
CVE-2021-3604 Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database. https://nvd.nist.gov/vuln/detail/CVE-2021-3604
CVE-2021-33818 An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which makes the server keep waiting for the packet to finish the connection until its resources are exhausted. The web server then suffers a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-33818
CVE-2021-33820 An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. An attacker could send a huge number of TCP SYN packets to exhaust the web service's resources. The web server then suffers a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-33820
CVE-2021-33822 An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which makes the server keep waiting for the packet to finish the connection until its resources are exhausted. The web server then suffers a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-33822
CVE-2021-21282 Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround. https://nvd.nist.gov/vuln/detail/CVE-2021-21282
CVE-2021-32696 The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. This can lead to an XSS. https://nvd.nist.gov/vuln/detail/CVE-2021-32696
CVE-2021-33823 An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. An attacker could send a huge number of TCP SYN packets to exhaust the web service's resources. The web server then suffers a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-33823
CVE-2021-33824 An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which makes the server keep waiting for the packet to finish the connection until its resources are exhausted. The web server then suffers a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-33824
CVE-2021-21257 Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header. This makes it possible for an attacker to cause out-of-bounds writes with packets injected into the network stack. Specifically, the problem lies in the rpl_ext_header_srh_update function in the two rpl-ext-header.c modules for RPL-Classic and RPL-Lite respectively. The addr_ptr variable is calculated using an unvalidated CMPR field value from the source routing header. An out-of-bounds write can be triggered on line 151 in os/net/routing/rpl-lite/rpl-ext-header.c and line 261 in os/net/routing/rpl-classic/rpl-ext-header.c, which contain the following memcpy call with addr_ptr as destination. The problem has been patched in Contiki-NG 4.6. Users can apply a patch out-of-band as a workaround. https://nvd.nist.gov/vuln/detail/CVE-2021-21257
CVE-2021-21281 Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. https://nvd.nist.gov/vuln/detail/CVE-2021-21281
CVE-2021-21410 Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (`uncompress_hdr_iphc`) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround. https://nvd.nist.gov/vuln/detail/CVE-2021-21410
CVE-2021-24368 The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link. https://nvd.nist.gov/vuln/detail/CVE-2021-24368
CVE-2020-20466 White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user. https://nvd.nist.gov/vuln/detail/CVE-2020-20466
CVE-2020-20467 White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task. https://nvd.nist.gov/vuln/detail/CVE-2020-20467
CVE-2020-20468 White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password. https://nvd.nist.gov/vuln/detail/CVE-2020-20468
CVE-2020-20469 White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-20469
CVE-2020-20470 White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2020-20470
CVE-2020-20471 White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-20471
CVE-2020-20472 White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site. https://nvd.nist.gov/vuln/detail/CVE-2020-20472
CVE-2020-20473 White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-20473
CVE-2020-20474 White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-20474
CVE-2021-31769 MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component. https://nvd.nist.gov/vuln/detail/CVE-2021-31769
CVE-2021-29337 MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory. https://nvd.nist.gov/vuln/detail/CVE-2021-29337
CVE-2021-33572 A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. https://nvd.nist.gov/vuln/detail/CVE-2021-33572
CVE-2021-28684 The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). https://nvd.nist.gov/vuln/detail/CVE-2021-28684
CVE-2018-25016 Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection. https://nvd.nist.gov/vuln/detail/CVE-2018-25016
CVE-2020-22390 Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened. https://nvd.nist.gov/vuln/detail/CVE-2020-22390
CVE-2021-29059 A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. https://nvd.nist.gov/vuln/detail/CVE-2021-29059
CVE-2021-29060 A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string. https://nvd.nist.gov/vuln/detail/CVE-2021-29060
CVE-2021-0509 In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-176444161. https://nvd.nist.gov/vuln/detail/CVE-2021-0509
CVE-2021-0510 In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-176444622. https://nvd.nist.gov/vuln/detail/CVE-2021-0510
CVE-2021-0511 In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11. Android ID: A-178055795. https://nvd.nist.gov/vuln/detail/CVE-2021-0511
CVE-2021-0512 In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-173843328. References: Upstream kernel. https://nvd.nist.gov/vuln/detail/CVE-2021-0512
CVE-2021-0513 In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-156090809. https://nvd.nist.gov/vuln/detail/CVE-2021-0513
CVE-2021-0516 In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-181660448. https://nvd.nist.gov/vuln/detail/CVE-2021-0516
CVE-2021-0517 In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179053823. https://nvd.nist.gov/vuln/detail/CVE-2021-0517
CVE-2021-0520 In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-10. Android ID: A-176237595. https://nvd.nist.gov/vuln/detail/CVE-2021-0520
CVE-2021-0521 In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-174661955. https://nvd.nist.gov/vuln/detail/CVE-2021-0521
CVE-2021-0522 In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-9 Android-10. Android ID: A-174182139. https://nvd.nist.gov/vuln/detail/CVE-2021-0522
CVE-2021-0523 In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-174047492. https://nvd.nist.gov/vuln/detail/CVE-2021-0523
CVE-2021-0525 In memory management driver, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185193929. https://nvd.nist.gov/vuln/detail/CVE-2021-0525
CVE-2021-0526 In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185195264. https://nvd.nist.gov/vuln/detail/CVE-2021-0526
CVE-2021-0527 In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185193931. https://nvd.nist.gov/vuln/detail/CVE-2021-0527
CVE-2021-0528 In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185195266. https://nvd.nist.gov/vuln/detail/CVE-2021-0528
CVE-2021-0529 In memory management driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185195268. https://nvd.nist.gov/vuln/detail/CVE-2021-0529
CVE-2021-0530 In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185196175. https://nvd.nist.gov/vuln/detail/CVE-2021-0530
CVE-2021-0531 In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185195272. https://nvd.nist.gov/vuln/detail/CVE-2021-0531
CVE-2021-0532 In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185196177. https://nvd.nist.gov/vuln/detail/CVE-2021-0532
CVE-2021-0533 In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185193932. https://nvd.nist.gov/vuln/detail/CVE-2021-0533
CVE-2021-26461 Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. https://nvd.nist.gov/vuln/detail/CVE-2021-26461
CVE-2020-19510 Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php. https://nvd.nist.gov/vuln/detail/CVE-2020-19510
CVE-2020-19511 Cross Site Scripting vulnerability in Typesetter 5.1 via the (1) className and (2) Description fields in index.php/Admin/Classes. https://nvd.nist.gov/vuln/detail/CVE-2020-19511
CVE-2021-21422 mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, however this needs admin interaction on cell. 2: Data cells identified as media will be rendered as media, without being sanitized. Example of different renders: image, audio, video, etc. As an example of type 1 attack, an unauthorized user who only can send a large amount of data in a field of a document may use a payload with embedded javascript. This could send an export of a collection to the attacker without even an admin knowing. Other types of attacks such as dropping a database\collection are possible. https://nvd.nist.gov/vuln/detail/CVE-2021-21422
CVE-2021-32697 neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a custom Finisher can be added as first finisher. This regression was introduced with https://github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567 https://nvd.nist.gov/vuln/detail/CVE-2021-32697
CVE-2020-27511 An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 version 1.6 and below where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags. https://nvd.nist.gov/vuln/detail/CVE-2020-27511
CVE-2021-24338 The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-24338
CVE-2021-24339 The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-24339
CVE-2021-24361 In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. https://nvd.nist.gov/vuln/detail/CVE-2021-24361
CVE-2021-24364 The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2021-24364
CVE-2021-24366 The Admin Columns Free WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 rendered input on the posted pages with improper input validation on the value passed into the field 'Label' parameter; taking advantage of this, an authenticated attacker can supply a crafted arbitrary script and execute it. https://nvd.nist.gov/vuln/detail/CVE-2021-24366
CVE-2021-24367 The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2021-24367
CVE-2021-24369 In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2021-24369
CVE-2021-24370 The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-24370
CVE-2021-24372 The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. https://nvd.nist.gov/vuln/detail/CVE-2021-24372
CVE-2021-24373 The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue. https://nvd.nist.gov/vuln/detail/CVE-2021-24373
CVE-2021-24374 The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked. https://nvd.nist.gov/vuln/detail/CVE-2021-24374
CVE-2021-24376 The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked, so it is possible to upload a zip containing a directory with a PHP file in it, which is then not removed from the disk. It is a bypass of CVE-2020-24948 which allows sending a PHP file via the "Import Settings" functionality to achieve Remote Code Execution. https://nvd.nist.gov/vuln/detail/CVE-2021-24376
CVE-2021-24377 The Autoptimize WordPress plugin before 2.7.8 attempts to remove potentially malicious files from the extracted archive uploaded via the 'Import Settings' feature; however, this is not sufficient to protect against RCE, as a race condition can be achieved in the window when the file has been extracted to disk but not yet removed. It is a bypass of CVE-2020-24948. https://nvd.nist.gov/vuln/detail/CVE-2021-24377
CVE-2021-24378 The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute when a victim visits index.html inside the plugin directory. https://nvd.nist.gov/vuln/detail/CVE-2021-24378
CVE-2021-24379 The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments; however, it does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited likes/dislikes to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions and Logged In User Restriction; however, they do not prevent such an attack as they only check client side. https://nvd.nist.gov/vuln/detail/CVE-2021-24379
CVE-2021-24383 The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. https://nvd.nist.gov/vuln/detail/CVE-2021-24383
CVE-2021-29061 A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs. https://nvd.nist.gov/vuln/detail/CVE-2021-29061
CVE-2021-29063 A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called. https://nvd.nist.gov/vuln/detail/CVE-2021-29063
CVE-2021-35066 An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. https://nvd.nist.gov/vuln/detail/CVE-2021-35066
CVE-2021-32698 eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0. https://nvd.nist.gov/vuln/detail/CVE-2021-32698
CVE-2021-34386 Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where the multiplication of count and size in the calloc size calculation can overflow (an integer overflow), which might lead to heap overflows. https://nvd.nist.gov/vuln/detail/CVE-2021-34386
CVE-2021-34387 The ARM TrustZone Technology on which Trusty is based contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only. https://nvd.nist.gov/vuln/detail/CVE-2021-34387
CVE-2021-34388 Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-34388
CVE-2021-34389 Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check leads to a memory leak of a portion of the heap situated after a stream buffer. https://nvd.nist.gov/vuln/detail/CVE-2021-34389
CVE-2010-1432 Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. https://nvd.nist.gov/vuln/detail/CVE-2010-1432
CVE-2010-1433 Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. https://nvd.nist.gov/vuln/detail/CVE-2010-1433
CVE-2010-1434 Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. https://nvd.nist.gov/vuln/detail/CVE-2010-1434
CVE-2010-1435 Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. https://nvd.nist.gov/vuln/detail/CVE-2010-1435
CVE-2021-20733 Improper authorization in handler for custom URL scheme vulnerability in あすけんダイエット (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. https://nvd.nist.gov/vuln/detail/CVE-2021-20733
CVE-2021-20734 Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-20734
CVE-2021-20735 Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE. https://nvd.nist.gov/vuln/detail/CVE-2021-20735
CVE-2021-20736 NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-20736
CVE-2021-20737 Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-20737
CVE-2021-20741 Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-20741
CVE-2021-20742 Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector. https://nvd.nist.gov/vuln/detail/CVE-2021-20742
CVE-2021-20743 Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation. https://nvd.nist.gov/vuln/detail/CVE-2021-20743
CVE-2021-20744 Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation. https://nvd.nist.gov/vuln/detail/CVE-2021-20744
CVE-2021-0534 In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-170639543 https://nvd.nist.gov/vuln/detail/CVE-2021-0534
CVE-2021-0535 In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-168314741 https://nvd.nist.gov/vuln/detail/CVE-2021-0535
CVE-2021-0554 In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-158482162 https://nvd.nist.gov/vuln/detail/CVE-2021-0554
CVE-2021-0555 In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179161711 https://nvd.nist.gov/vuln/detail/CVE-2021-0555
CVE-2021-0556 In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172716941 https://nvd.nist.gov/vuln/detail/CVE-2021-0556
CVE-2021-0557 In setRange of ABuffer.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179046129 https://nvd.nist.gov/vuln/detail/CVE-2021-0557
CVE-2021-0558 In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-173473906 https://nvd.nist.gov/vuln/detail/CVE-2021-0558
CVE-2021-0559 In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172312730 https://nvd.nist.gov/vuln/detail/CVE-2021-0559
CVE-2021-0561 In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683 https://nvd.nist.gov/vuln/detail/CVE-2021-0561
CVE-2021-0562 In RasterIntraUpdate of motion_est.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-176084648 https://nvd.nist.gov/vuln/detail/CVE-2021-0562
CVE-2021-0563 In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172908358 https://nvd.nist.gov/vuln/detail/CVE-2021-0563
CVE-2021-0564 In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-176495665 https://nvd.nist.gov/vuln/detail/CVE-2021-0564
CVE-2021-0565 In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174801970 https://nvd.nist.gov/vuln/detail/CVE-2021-0565
CVE-2021-0566 In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-175894436 https://nvd.nist.gov/vuln/detail/CVE-2021-0566
CVE-2021-0567 In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179461812 https://nvd.nist.gov/vuln/detail/CVE-2021-0567
CVE-2021-0568 In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-170121238 https://nvd.nist.gov/vuln/detail/CVE-2021-0568
CVE-2021-0569 In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174045870 https://nvd.nist.gov/vuln/detail/CVE-2021-0569
CVE-2021-0570 In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-178803845 https://nvd.nist.gov/vuln/detail/CVE-2021-0570
CVE-2021-0571 In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137395936 https://nvd.nist.gov/vuln/detail/CVE-2021-0571
CVE-2021-0572 In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-177931355 https://nvd.nist.gov/vuln/detail/CVE-2021-0572
CVE-2010-2525 A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system. https://nvd.nist.gov/vuln/detail/CVE-2010-2525
CVE-2010-3300 It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. https://nvd.nist.gov/vuln/detail/CVE-2010-3300
CVE-2021-0536 In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-176756691 https://nvd.nist.gov/vuln/detail/CVE-2021-0536
CVE-2021-0537 In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0 configuration due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-176756141 https://nvd.nist.gov/vuln/detail/CVE-2021-0537
CVE-2021-0538 In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-178821491 https://nvd.nist.gov/vuln/detail/CVE-2021-0538
CVE-2021-0539 In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-180419673 https://nvd.nist.gov/vuln/detail/CVE-2021-0539
CVE-2021-0540 In halWrapperDataCallback of hal_wrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169328517 https://nvd.nist.gov/vuln/detail/CVE-2021-0540
CVE-2021-0541 In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169258455 https://nvd.nist.gov/vuln/detail/CVE-2021-0541
CVE-2021-0542 In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-168712890 https://nvd.nist.gov/vuln/detail/CVE-2021-0542
CVE-2021-0543 In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169258743 https://nvd.nist.gov/vuln/detail/CVE-2021-0543
CVE-2021-0544 In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169257710 https://nvd.nist.gov/vuln/detail/CVE-2021-0544
CVE-2021-0545 In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169258884 https://nvd.nist.gov/vuln/detail/CVE-2021-0545
CVE-2021-0546 In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169258733 https://nvd.nist.gov/vuln/detail/CVE-2021-0546
CVE-2021-0547 In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174151048 https://nvd.nist.gov/vuln/detail/CVE-2021-0547
CVE-2021-0548 In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-157650357 https://nvd.nist.gov/vuln/detail/CVE-2021-0548
CVE-2021-0549 In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-183961896 https://nvd.nist.gov/vuln/detail/CVE-2021-0549
CVE-2021-0550 In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179688673 https://nvd.nist.gov/vuln/detail/CVE-2021-0550
CVE-2021-0551 In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-180518039 https://nvd.nist.gov/vuln/detail/CVE-2021-0551
CVE-2021-0552 In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-175124820 https://nvd.nist.gov/vuln/detail/CVE-2021-0552
CVE-2021-0553 In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin settings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169936038 https://nvd.nist.gov/vuln/detail/CVE-2021-0553
CVE-2021-0605 In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-110373476 https://nvd.nist.gov/vuln/detail/CVE-2021-0605
CVE-2021-0606 In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-168034487 https://nvd.nist.gov/vuln/detail/CVE-2021-0606
CVE-2021-0607 In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-180950209 https://nvd.nist.gov/vuln/detail/CVE-2021-0607
CVE-2021-0608 In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174870704 https://nvd.nist.gov/vuln/detail/CVE-2021-0608
CVE-2010-4264 It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side. https://nvd.nist.gov/vuln/detail/CVE-2010-4264
CVE-2010-4266 It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher. https://nvd.nist.gov/vuln/detail/CVE-2010-4266
CVE-2010-4816 It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service. https://nvd.nist.gov/vuln/detail/CVE-2010-4816
CVE-2021-34243 A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file. https://nvd.nist.gov/vuln/detail/CVE-2021-34243
CVE-2021-34244 A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords. https://nvd.nist.gov/vuln/detail/CVE-2021-34244
CVE-2021-35045 Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint. https://nvd.nist.gov/vuln/detail/CVE-2021-35045
CVE-2021-35046 A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie. https://nvd.nist.gov/vuln/detail/CVE-2021-35046
CVE-2021-35206 Gitpod before 0.6.0 allows unvalidated redirects. https://nvd.nist.gov/vuln/detail/CVE-2021-35206
CVE-2020-15732 Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. https://nvd.nist.gov/vuln/detail/CVE-2020-15732
CVE-2020-18646 Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php". https://nvd.nist.gov/vuln/detail/CVE-2020-18646
CVE-2020-18647 Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor". https://nvd.nist.gov/vuln/detail/CVE-2020-18647
CVE-2020-18648 Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component "JuQingCMS_v1.0/admin/index.php?c=administrator&a=add". https://nvd.nist.gov/vuln/detail/CVE-2020-18648
CVE-2020-22164 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22164
CVE-2020-22165 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22165
CVE-2020-22166 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22166
CVE-2020-22167 PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \\hms\\admin\\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data. https://nvd.nist.gov/vuln/detail/CVE-2020-22167
CVE-2020-22168 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22168
CVE-2020-22169 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22169
CVE-2020-22170 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22170
CVE-2020-22171 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22171
CVE-2020-22172 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22172
CVE-2020-22173 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22173
CVE-2020-22174 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22174
CVE-2020-22175 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\admin\\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22175
CVE-2020-22176 PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-22176
CVE-2021-34428 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. https://nvd.nist.gov/vuln/detail/CVE-2021-34428
CVE-2020-18654 Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php". https://nvd.nist.gov/vuln/detail/CVE-2020-18654
CVE-2021-22361 There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. An attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service. https://nvd.nist.gov/vuln/detail/CVE-2021-22361
CVE-2021-22365 There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending a specific message to the target device. Due to insufficient validation of internal messages, a successful exploit may cause the process and the service to become abnormal. https://nvd.nist.gov/vuln/detail/CVE-2021-22365
CVE-2021-22366 There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A function that handles an internal message contains an out-of-bounds read. An attacker could craft messages between system processes; a successful exploit could cause Denial of Service (DoS). https://nvd.nist.gov/vuln/detail/CVE-2021-22366
CVE-2021-32644 Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3. https://nvd.nist.gov/vuln/detail/CVE-2021-32644
CVE-2021-3044 An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances. https://nvd.nist.gov/vuln/detail/CVE-2021-3044
CVE-2021-22342 There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00, V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20. https://nvd.nist.gov/vuln/detail/CVE-2021-22342
CVE-2021-22363 There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause abnormal service on affected devices. https://nvd.nist.gov/vuln/detail/CVE-2021-22363
CVE-2021-22377 There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject commands. This can compromise normal service. https://nvd.nist.gov/vuln/detail/CVE-2021-22377
CVE-2021-22378 There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. A timing window exists in which the database can be operated by another thread that is operating concurrently. A successful exploit may cause the affected device to become abnormal. https://nvd.nist.gov/vuln/detail/CVE-2021-22378
CVE-2021-22382 Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include: E3372 E3372h-153TCPU-V200R002B333D01SP00C00. https://nvd.nist.gov/vuln/detail/CVE-2021-22382
CVE-2021-22383 There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS). https://nvd.nist.gov/vuln/detail/CVE-2021-22383
CVE-2021-32699 Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created. https://nvd.nist.gov/vuln/detail/CVE-2021-32699
CVE-2021-32700 Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. HTTP connections did not make use of TLS and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC, thus allowing malicious code to be injected into Ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4. https://nvd.nist.gov/vuln/detail/CVE-2021-32700
CVE-2021-32701 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection will be valid and that token will be cached. The problem comes when a second request to an endpoint that requires the scope `bar` is made before the cache has expired. Whether the token is granted or not to the `bar` scope, introspection will be valid. A patch will be released with `v0.38.12-beta.1`. Per default, caching is disabled for the `oauth2_introspection` authenticator. When caching is disabled, this vulnerability does not exist. The cache is checked in [`func (a *AuthenticatorOAuth2Introspection) Authenticate(...)`](https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L152). From [`tokenFromCache()`](https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L97) it seems that it only validates the token expiration date, but ignores whether or not the token has the proper scopes. The vulnerability was introduced in PR #424. During review, we failed to require appropriate test coverage by the submitter, which is the primary reason that the vulnerability passed the review process. https://nvd.nist.gov/vuln/detail/CVE-2021-32701
CVE-2020-36394 pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home. https://nvd.nist.gov/vuln/detail/CVE-2020-36394
CVE-2021-34372 Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-34372
CVE-2021-34390 Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function. https://nvd.nist.gov/vuln/detail/CVE-2021-34390
CVE-2021-34391 Trusty TLK contains a vulnerability in the NVIDIA TLK kernel's tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures. https://nvd.nist.gov/vuln/detail/CVE-2021-34391
CVE-2021-34392 Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-34392
CVE-2021-34393 Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure. https://nvd.nist.gov/vuln/detail/CVE-2021-34393
CVE-2021-34394 Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-34394
CVE-2021-34395 Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure and limited denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-34395
CVE-2021-34396 Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-34396
CVE-2021-34397 Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-34397