Security Bulletin 10 Mar 2021

Published on 10 Mar 2021

Updated on 14 Apr 2021

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2021-21321 fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is "/pub/", a user expect that accessing "/priv" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2. 10 https://nvd.nist.gov/vuln/detail/CVE-2021-21321
CVE-2020-14871 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). 10 https://nvd.nist.gov/vuln/detail/CVE-2020-14871
CVE-2020-17095 Hyper-V Remote Code Execution Vulnerability 9.9 https://nvd.nist.gov/vuln/detail/CVE-2020-17095
CVE-2021-3420 A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3420
CVE-2021-3406 A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3406
CVE-2021-3342 EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3342
CVE-2021-3332 WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3332
CVE-2021-3197 An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3197
CVE-2021-3148 An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3148
CVE-2021-3120 An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3120
CVE-2021-28041 ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28041
CVE-2021-28037 An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28037
CVE-2021-28035 An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28035
CVE-2021-28034 An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28034
CVE-2021-28033 An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28033
CVE-2021-28032 An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28032
CVE-2021-28031 An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28031
CVE-2021-28028 An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28028
CVE-2021-28027 An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28027
CVE-2021-27886 rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27886
CVE-2021-27877 An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27877
CVE-2021-27804 JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27804
CVE-2021-27730 Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27730
CVE-2021-27314 SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27314
CVE-2021-27198 An issue was discovered in Visualware MyConnection Server through 11.0b build 5382. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27198
CVE-2021-27135 xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27135
CVE-2021-27132 SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27132
CVE-2021-26937 encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26937
CVE-2021-26904 LMA ISIDA Retriever 5.2 allows SQL Injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26904
CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26855
CVE-2021-26703 EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26703
CVE-2021-26476 EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26476
CVE-2021-25914 Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25914
CVE-2021-25346 A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25346
CVE-2021-25309 The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25309
CVE-2021-25283 An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25283
CVE-2021-25281 An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25281
CVE-2021-24078 Windows DNS Server Remote Code Execution Vulnerability 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24078
CVE-2021-24077 Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1722. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24077
CVE-2021-23344 The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23344
CVE-2021-21972 The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21972
CVE-2021-21513 Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21513
CVE-2021-21322 fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21322
CVE-2021-2047 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-2047
CVE-2021-1722 Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24077. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1722
CVE-2020-8298 fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8298
CVE-2020-7200 A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7200
CVE-2020-29600 In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29600
CVE-2020-28657 In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28657
CVE-2020-28502 This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28502
CVE-2020-27998 An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27998
CVE-2020-2555 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2555
CVE-2020-24913 A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24913
CVE-2020-23534 A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-23534
CVE-2020-17118 Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17121. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17118
CVE-2020-13957 Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13957
CVE-2020-13901 An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13901
CVE-2020-13160 AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13160
CVE-2020-11984 Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11984
CVE-2020-11974 In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11974
CVE-2020-11945 An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11945
CVE-2020-11272 Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11272
CVE-2019-25022 An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-25022
CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17571
CVE-2018-17254 The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-17254
CVE-2017-7658 In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-7658
CVE-2017-7657 In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-7657
CVE-2015-8011 Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2015-8011
CVE-2021-21154 Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-21154
CVE-2021-21150 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-21150
CVE-2021-21132 Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-21132
CVE-2021-21124 Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-21124
CVE-2021-21121 Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-21121
CVE-2021-3144 In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3144
CVE-2021-25282 An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25282
CVE-2021-24032 Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24032
CVE-2021-24031 In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24031
CVE-2021-23128 An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23128
CVE-2021-23127 An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23127
CVE-2021-21352 Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess user tokens and, once successful, change user passwords, including that of a system administrator. This vulnerability is pathced in version 1.19.24.5415 (started to use more secure tokens) with an additional improvement in 1.19.24.5416 (limited an available window for brute force token guessing). 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21352
CVE-2021-21308 PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21308
CVE-2021-1361 A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-1361
CVE-2020-28199 best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-28199
CVE-2020-17142 Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17144. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-17142
CVE-2020-17132 Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-17132
CVE-2020-17002 Azure SDK for C Security Feature Bypass Vulnerability 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-17002
CVE-2020-16971 Azure SDK for Java Security Feature Bypass Vulnerability 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-16971
CVE-2020-11275 Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11275
CVE-2021-21353 Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade. 9 https://nvd.nist.gov/vuln/detail/CVE-2021-21353

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2021-27878 An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27878
CVE-2021-26704 EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26704
CVE-2021-26567 Use of unmaintained third party components vulnerability in faad in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via a crafted file path. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26567
CVE-2021-25298 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25298
CVE-2021-25297 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25297
CVE-2021-25296 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25296
CVE-2021-24093 Windows Graphics Component Remote Code Execution Vulnerability 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24093
CVE-2021-24091 Windows Camera Codec Pack Remote Code Execution Vulnerability 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24091
CVE-2021-24088 Windows Local Spooler Remote Code Execution Vulnerability 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24088
CVE-2021-24072 Microsoft SharePoint Server Remote Code Execution Vulnerability 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24072
CVE-2021-24066 Microsoft SharePoint Remote Code Execution Vulnerability 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24066
CVE-2021-23979 Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23979
CVE-2021-23978 Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23978
CVE-2021-23972 One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23972
CVE-2021-23965 Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23965
CVE-2021-23964 Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23964
CVE-2021-23962 Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23962
CVE-2021-23960 Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23960
CVE-2021-23954 Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23954
CVE-2021-21974 OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21974
CVE-2021-21157 Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21157
CVE-2021-21153 Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21153
CVE-2021-21152 Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21152
CVE-2021-21128 Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21128
CVE-2021-21127 Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21127
CVE-2021-21122 Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21122
CVE-2021-21120 Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21120
CVE-2021-21119 Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21119
CVE-2021-1728 System Center Operations Manager Elevation of Privilege Vulnerability 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1728
CVE-2021-1368 A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1368
CVE-2020-9492 In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9492
CVE-2020-29569 An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29569
CVE-2020-29479 An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29479
CVE-2020-27996 An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27996
CVE-2020-26995 A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11992) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26995
CVE-2020-17162 Microsoft Windows Security Feature Bypass Vulnerability 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17162
CVE-2020-17158 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17152. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17158
CVE-2020-17152 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17158. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17152
CVE-2020-17143 Microsoft Exchange Information Disclosure Vulnerability 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17143
CVE-2020-17121 Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17118. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17121
CVE-2020-17096 Windows NTFS Remote Code Execution Vulnerability 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17096
CVE-2020-16043 Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16043
CVE-2020-16003 Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16003
CVE-2020-15978 Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15978
CVE-2020-13558 A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13558
CVE-2020-13445 In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13445
CVE-2020-11269 Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11269
CVE-2020-10519 A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10519
CVE-2019-5087 An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5087
CVE-2019-5086 An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5086
CVE-2019-19680 A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19680
CVE-2018-18557 LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-18557
CVE-2018-12900 Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-12900
CVE-2021-1387 A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-1387
CVE-2020-8022 A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1. 8.4 https://nvd.nist.gov/vuln/detail/CVE-2020-8022
CVE-2020-17144 Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142. 8.4 https://nvd.nist.gov/vuln/detail/CVE-2020-17144
CVE-2020-17141 Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17142, CVE-2020-17144. 8.4 https://nvd.nist.gov/vuln/detail/CVE-2020-17141
CVE-2020-17437 An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2020-17437
CVE-2021-3336 DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3336
CVE-2021-27876 An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27876
CVE-2021-26566 Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26566
CVE-2021-26562 Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26562
CVE-2021-26561 Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26561
CVE-2021-23976 When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23976
CVE-2021-22863 An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22863
CVE-2021-21125 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21125
CVE-2021-20190 A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20190
CVE-2021-1227 A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-1227
CVE-2020-9794 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-9794
CVE-2020-8625 BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-8625
CVE-2020-6096 An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-6096
CVE-2020-28374 In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-28374
CVE-2020-2604 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2604
CVE-2020-16041 Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-16041
CVE-2017-1000433 pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2017-1000433
CVE-2021-1726 Microsoft SharePoint Spoofing Vulnerability 8 https://nvd.nist.gov/vuln/detail/CVE-2021-1726
CVE-2020-17115 Microsoft SharePoint Spoofing Vulnerability 8 https://nvd.nist.gov/vuln/detail/CVE-2020-17115
CVE-2020-17089 Microsoft SharePoint Elevation of Privilege Vulnerability 8 https://nvd.nist.gov/vuln/detail/CVE-2020-17089
CVE-2021-3410 A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3410
CVE-2021-3347 An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3347
CVE-2021-3156 Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3156
CVE-2021-28042 Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28042
CVE-2021-28026 jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28026
CVE-2021-27065 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27065
CVE-2021-26934 An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26934
CVE-2021-26930 An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26930
CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26858
CVE-2021-26857 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26857
CVE-2021-26700 Visual Studio Code npm-script Extension Remote Code Execution Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26700
CVE-2021-25833 A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code execution on DocumentServer. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25833
CVE-2021-25832 A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25832
CVE-2021-25831 A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote code execution on DocumentServer. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25831
CVE-2021-25830 A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25830
CVE-2021-25195 Windows PKU2U Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25195
CVE-2021-25178 An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25178
CVE-2021-25176 An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25176
CVE-2021-25175 An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25175
CVE-2021-25174 An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25174
CVE-2021-24105 Package Managers Configurations Remote Code Execution Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24105
CVE-2021-24103 Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24102. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24103
CVE-2021-24102 Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24103. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24102
CVE-2021-24096 Windows Kernel Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24096
CVE-2021-24092 Microsoft Defender Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24092
CVE-2021-24087 Azure IoT CLI extension Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24087
CVE-2021-24083 Windows Address Book Remote Code Execution Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24083
CVE-2021-24081 Microsoft Windows Codecs Library Remote Code Execution Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24081
CVE-2021-24070 Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24069. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24070
CVE-2021-24069 Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24070. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24069
CVE-2021-24068 Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24069, CVE-2021-24070. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24068
CVE-2021-24067 Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24068, CVE-2021-24069, CVE-2021-24070. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24067
CVE-2021-22683 Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22683
CVE-2021-22670 An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22670
CVE-2021-22666 Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22666
CVE-2021-22662 A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22662
CVE-2021-22651 When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22651
CVE-2021-22649 Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22649
CVE-2021-22647 Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22647
CVE-2021-22645 Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22645
CVE-2021-22643 Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22643
CVE-2021-22638 Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22638
CVE-2021-21315 The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21315
CVE-2021-1733 Sysinternals PsExec Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1733
CVE-2021-1732 Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1732
CVE-2021-1727 Windows Installer Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1727
CVE-2021-1715 Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1716. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1715
CVE-2021-1713 Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1714. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1713
CVE-2021-1698 Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1732. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1698
CVE-2021-1697 Windows InstallService Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1697
CVE-2021-1695 Windows Print Spooler Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1695
CVE-2021-1685 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1642. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1685
CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1648
CVE-2021-1642 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1642
CVE-2021-1639 Visual Studio Code Remote Code Execution Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1639
CVE-2020-35512 A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35512
CVE-2020-29661 A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29661
CVE-2020-28646 ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28646
CVE-2020-28599 A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28599
CVE-2020-28243 An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28243
CVE-2020-27293 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27293
CVE-2020-27291 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27291
CVE-2020-27289 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27289
CVE-2020-27287 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27287
CVE-2020-27281 A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27281
CVE-2020-27277 Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27277
CVE-2020-27275 Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27275
CVE-2020-27006 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27006
CVE-2020-27005 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27005
CVE-2020-27003 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27003
CVE-2020-27001 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27001
CVE-2020-27000 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27000
CVE-2020-26999 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26999
CVE-2020-17159 Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17159
CVE-2020-17156 Visual Studio Remote Code Execution Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17156
CVE-2020-17150 Visual Studio Code Remote Code Execution Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17150
CVE-2020-17148 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17148
CVE-2020-17139 Windows Overlay Filter Security Feature Bypass Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17139
CVE-2020-17137 DirectX Graphics Kernel Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17137
CVE-2020-17136 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17103, CVE-2020-17134. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17136
CVE-2020-17134 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17103, CVE-2020-17136. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17134
CVE-2020-17129 Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17129
CVE-2020-17128 Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17129. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17128
CVE-2020-17127 Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17128, CVE-2020-17129. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17127
CVE-2020-17125 Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17125
CVE-2020-17124 Microsoft PowerPoint Remote Code Execution Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17124
CVE-2020-17123 Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17123
CVE-2020-17122 Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17122
CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17134, CVE-2020-17136. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17103
CVE-2020-17097 Windows Digital Media Receiver Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17097
CVE-2020-17092 Windows Network Connections Service Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17092
CVE-2020-16963 Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16963
CVE-2020-16962 Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16963, CVE-2020-16964. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16962
CVE-2020-16961 Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16961
CVE-2020-16960 Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16960
CVE-2020-16959 Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16959
CVE-2020-16958 Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16958
CVE-2020-16119 Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16119
CVE-2020-11271 Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11271
CVE-2020-11204 Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11204
CVE-2020-0822 An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-0822
CVE-2019-19816 In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19816
CVE-2019-18276 An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18276
CVE-2018-16156 In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2018-16156
CVE-2017-16651 Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-16651
CVE-2017-15288 The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-15288
CVE-2016-9560 Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-9560
CVE-2016-3418 Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-0694. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-3418
CVE-2016-10093 Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-10093
CVE-2016-10092 Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-10092
CVE-2016-0694 Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-3418. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-0694
CVE-2016-0692 Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0694, and CVE-2016-3418. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-0692
CVE-2016-0689 Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-0689
CVE-2016-0682 Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0689, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-0682
CVE-2015-9268 Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2015-9268
CVE-2020-26258 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2020-26258
CVE-2020-12528 An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2020-12528
CVE-2021-3326 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3326
CVE-2021-28040 An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28040
CVE-2021-28036 An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28036
CVE-2021-28030 An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28030
CVE-2021-28029 An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28029
CVE-2021-27923 Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27923
CVE-2021-27922 Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27922
CVE-2021-27921 Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27921
CVE-2021-27803 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27803
CVE-2021-27219 An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27219
CVE-2021-27218 An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27218
CVE-2021-26813 markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26813
CVE-2021-26296 In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26296
CVE-2021-26117 The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26117
CVE-2021-25829 An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25829
CVE-2021-25330 Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25330
CVE-2021-25306 A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25306
CVE-2021-25122 When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25122
CVE-2021-24111 .NET Framework Denial of Service Vulnerability 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24111
CVE-2021-24086 Windows TCP/IP Denial of Service Vulnerability 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24086
CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23840
CVE-2021-23132 An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23132
CVE-2021-23131 An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23131
CVE-2021-22661 Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22661
CVE-2021-22174 Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22174
CVE-2021-22173 Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22173
CVE-2021-20442 IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20442
CVE-2021-1734 Windows Remote Procedure Call Information Disclosure Vulnerability 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1734
CVE-2021-1723 ASP.NET Core and Visual Studio Denial of Service Vulnerability 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1723
CVE-2021-1230 A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS) condition. This vulnerability is due to an issue with the installation of routes upon receipt of a BGP update. An attacker could exploit this vulnerability by sending a crafted BGP update to an affected device. A successful exploit could allow the attacker to cause the routing process to crash, which could cause the device to reload. This vulnerability applies to both Internal BGP (IBGP) and External BGP (EBGP). Note: The Cisco implementation of BGP accepts incoming BGP traffic from explicitly configured peers only. To exploit this vulnerability, an attacker would need to send a specific BGP update message over an established TCP connection that appears to come from a trusted BGP peer. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1230
CVE-2020-9991 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9991
CVE-2020-8517 An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8517
CVE-2020-8449 An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8449
CVE-2020-8277 A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8277
CVE-2020-5258 In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5258
CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36230
CVE-2020-36229 A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36229
CVE-2020-36228 An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36228
CVE-2020-36227 A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36227
CVE-2020-36226 A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36226
CVE-2020-36225 A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36225
CVE-2020-36224 A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36224
CVE-2020-36223 A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36223
CVE-2020-36221 An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36221
CVE-2020-35498 A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35498
CVE-2020-35296 ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35296
CVE-2020-29529 HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-29529
CVE-2020-27223 In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27223
CVE-2020-24686 The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24686
CVE-2020-17131 Chakra Scripting Engine Memory Corruption Vulnerability 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17131
CVE-2020-17119 Microsoft Outlook Information Disclosure Vulnerability 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17119
CVE-2020-13987 An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13987
CVE-2020-13949 In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13949
CVE-2020-13900 An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13900
CVE-2020-13899 An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13899
CVE-2020-13898 An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13898
CVE-2020-13848 Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13848
CVE-2020-11655 SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11655
CVE-2019-3823 libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-3823
CVE-2019-25021 An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-25021
CVE-2019-25020 An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-25020
CVE-2019-19942 Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19942
CVE-2019-17655 A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-17655
CVE-2019-13050 Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-13050
CVE-2019-0222 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-0222
CVE-2018-13381 A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-13381
CVE-2017-9814 cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-9814
CVE-2021-23961 Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-23961
CVE-2021-23957 Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-23957
CVE-2021-20247 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20247
CVE-2020-35662 In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-35662
CVE-2020-13163 em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-13163
CVE-2018-11775 TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2018-11775
CVE-2020-8450 An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-8450
CVE-2021-3291 Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-3291
CVE-2021-27078 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-27078
CVE-2021-26854 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-26854
CVE-2021-26412 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-26412
CVE-2021-21517 SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-21517
CVE-2021-21302 PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-21302
CVE-2020-25654 An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-25654
CVE-2020-24948 The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-24948
CVE-2020-17117 Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-17117
CVE-2018-16621 Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2018-16621
CVE-2020-27002 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043) 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-27002
CVE-2021-26708 A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-26708
CVE-2021-25329 The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-25329
CVE-2020-8032 A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-8032
CVE-2020-27216 In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-27216
CVE-2017-8461 Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability." 7 https://nvd.nist.gov/vuln/detail/CVE-2017-8461
CVE-2017-3617 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3617
CVE-2017-3616 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3616
CVE-2017-3615 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3615
CVE-2017-3614 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3614
CVE-2017-3613 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3613
CVE-2017-3612 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3612
CVE-2017-3611 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3611
CVE-2017-3610 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3610
CVE-2017-3609 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3609
CVE-2017-3608 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3608
CVE-2017-3607 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3607
CVE-2017-3606 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3606
CVE-2017-3605 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3605
CVE-2017-3604 Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 7 https://nvd.nist.gov/vuln/detail/CVE-2017-3604
CVE-2021-27901 An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021). 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27901
CVE-2021-24109 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24109
CVE-2021-24075 Windows Network File System Denial of Service Vulnerability 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24075
CVE-2021-20328 Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20328
CVE-2021-20327 A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure nework fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20327
CVE-2020-26200 A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26200
CVE-2020-2601 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2601
CVE-2020-17099 Windows Lock Screen Security Feature Bypass Vulnerability 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17099
CVE-2020-0465 In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-0465
CVE-2021-0406 In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05471418. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-0406
CVE-2020-8296 Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8296
CVE-2020-36158 mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-36158
CVE-2020-24455 Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-24455
CVE-2021-3405 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3405
CVE-2021-28039 An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28039
CVE-2021-28038 An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28038
CVE-2021-27328 Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27328
CVE-2021-24101 Microsoft Dataverse Information Disclosure Vulnerability 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24101
CVE-2021-24099 Skype for Business and Lync Denial of Service Vulnerability 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24099
CVE-2021-24082 Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24082
CVE-2021-24080 Windows Trust Verification API Denial of Service Vulnerability 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24080
CVE-2021-24071 Microsoft SharePoint Information Disclosure Vulnerability 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24071
CVE-2021-23975 The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23975
CVE-2021-23973 When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23973
CVE-2021-23971 When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23971
CVE-2021-23970 Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23970
CVE-2021-23958 The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23958
CVE-2021-23956 An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23956
CVE-2021-23339 This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23339
CVE-2021-22862 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22862
CVE-2021-22861 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22861
CVE-2021-21297 Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21297
CVE-2021-21274 Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21274
CVE-2021-21136 Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21136
CVE-2021-21135 Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21135
CVE-2021-21134 Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21134
CVE-2021-21133 Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21133
CVE-2021-21131 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21131
CVE-2021-21130 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21130
CVE-2021-21129 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21129
CVE-2021-21126 Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21126
CVE-2021-21123 Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21123
CVE-2021-1228 A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. This vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a crafted LLDP packet on the adjacent subnet to an affected device. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1228
CVE-2020-9849 An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9849
CVE-2020-7929 A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7929
CVE-2020-36148 Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36148
CVE-2020-35329 Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35329
CVE-2020-29568 An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-29568
CVE-2020-17140 Windows SMB Information Disclosure Vulnerability 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17140
CVE-2020-17133 Microsoft Dynamics Business Central/NAV Information Disclosure 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17133
CVE-2020-17130 Microsoft Excel Security Feature Bypass Vulnerability 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17130
CVE-2020-17120 Microsoft SharePoint Information Disclosure Vulnerability 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17120
CVE-2020-16996 Kerberos Security Feature Bypass Vulnerability 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-16996
CVE-2020-15977 Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15977
CVE-2020-15811 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15811
CVE-2019-6462 An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-6462
CVE-2019-6461 An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-6461
CVE-2019-25023 An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-25023
CVE-2019-15297 res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-15297
CVE-2018-6381 In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-6381
CVE-2018-13383 A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-13383
CVE-2017-14528 The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-14528
CVE-2020-17380 A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2020-17380
CVE-2020-13460 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2020-13460
CVE-2020-29571 An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. x86 systems are not vulnerable. 6.2 https://nvd.nist.gov/vuln/detail/CVE-2020-29571
CVE-2020-29570 An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. 6.2 https://nvd.nist.gov/vuln/detail/CVE-2020-29570
CVE-2020-29567 An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability. 6.2 https://nvd.nist.gov/vuln/detail/CVE-2020-29567
CVE-2021-3377 The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3377
CVE-2021-27888 ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27888
CVE-2021-27731 Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27731
CVE-2021-27330 Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27330
CVE-2021-27318 Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27318
CVE-2021-27317 Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27317
CVE-2021-26903 LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26903
CVE-2021-26723 Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26723
CVE-2021-26702 EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26702
CVE-2021-26475 EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26475
CVE-2021-25299 Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25299
CVE-2021-23974 The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23974
CVE-2021-23959 An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23959
CVE-2021-23955 The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23955
CVE-2021-23130 An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23130
CVE-2021-23129 An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23129
CVE-2021-21476 SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21476
CVE-2021-21330 aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21330
CVE-2021-21273 Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21273
CVE-2020-7575 A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web sessions. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-7575
CVE-2020-7574 A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web session. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-7574
CVE-2020-29565 An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-29565
CVE-2020-27224 In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-27224
CVE-2020-1936 A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1936
CVE-2020-17153 Microsoft Edge for Android Spoofing Vulnerability 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-17153
CVE-2020-15937 An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-15937
CVE-2020-12530 An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12530
CVE-2020-12283 Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12283
CVE-2020-11529 Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11529
CVE-2021-26565 Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-26565
CVE-2021-26564 Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-26564
CVE-2021-26560 Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-26560
CVE-2021-20441 IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-20441
CVE-2020-28972 In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-28972
CVE-2020-25687 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-25687
CVE-2020-25657 A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-25657
CVE-2020-13409 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 3 of 3) 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-13409
CVE-2020-13408 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 2 of 3) 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-13408
CVE-2020-13407 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 1 of 3) 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-13407
CVE-2021-24114 Microsoft Teams iOS Information Disclosure Vulnerability 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-24114
CVE-2021-21255 GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-21255
CVE-2020-27825 A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2020-27825
CVE-2020-13462 Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2020-13462
CVE-2021-3407 A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3407
CVE-2021-27904 An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27904
CVE-2021-26932 An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26932
CVE-2021-26931 An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26931
CVE-2021-24106 Windows DirectX Information Disclosure Vulnerability 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24106
CVE-2021-24098 Windows Console Driver Denial of Service Vulnerability 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24098
CVE-2021-24085 Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-1730. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24085
CVE-2021-24084 Windows Mobile Device Management Information Disclosure Vulnerability 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24084
CVE-2021-24079 Windows Backup Engine Information Disclosure Vulnerability 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24079
CVE-2021-24076 Microsoft Windows VMSwitch Information Disclosure Vulnerability 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24076
CVE-2021-22296 A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22296
CVE-2021-21290 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21290
CVE-2021-1731 PFX Encryption Security Feature Bypass Vulnerability 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1731
CVE-2020-9479 When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d. Note: this CVE may be REJECTed as the issue did not affect any released versions of Apache AsterixDB 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9479
CVE-2020-28394 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283) 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28394
CVE-2020-27750 A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27750
CVE-2020-27618 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27618
CVE-2020-27008 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209) 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27008
CVE-2020-27007 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207) 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27007
CVE-2020-27004 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163) 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27004
CVE-2020-26998 A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040) 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26998
CVE-2020-25677 A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25677
CVE-2020-25674 WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25674
CVE-2020-25665 The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25665
CVE-2020-17138 Windows Error Reporting Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17094. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17138
CVE-2020-17126 Microsoft Excel Information Disclosure Vulnerability 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17126
CVE-2020-17098 Windows GDI+ Information Disclosure Vulnerability 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17098
CVE-2020-17094 Windows Error Reporting Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17138. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17094
CVE-2020-12049 An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12049
CVE-2020-0518 Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-0518
CVE-2019-19813 In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19813
CVE-2017-7475 Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-7475
CVE-2017-6831 Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-6831
CVE-2017-15045 LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-15045
CVE-2015-9267 Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2015-9267
CVE-2015-9101 The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2015-9101
CVE-2012-5474 The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2012-5474
CVE-2021-3355 A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3355
CVE-2021-3151 i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3151
CVE-2021-3010 There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3010
CVE-2021-27225 In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-27225
CVE-2021-24113 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24113
CVE-2021-22182 An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-22182
CVE-2021-21515 Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21515
CVE-2021-21447 SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21447
CVE-2021-21445 SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21445
CVE-2021-21258 GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21258
CVE-2021-20351 IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20351
CVE-2021-20350 IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20350
CVE-2021-20340 IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20340
CVE-2021-1730 Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-24085. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-1730
CVE-2020-4866 IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-4866
CVE-2020-4863 IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-4863
CVE-2020-4857 IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-4857
CVE-2020-4856 IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-4856
CVE-2020-35328 Courier Management System 1.0 - 'First Name' Stored XSS 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-35328
CVE-2020-26609 fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-26609
CVE-2020-23518 Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-23518
CVE-2020-17147 Dynamics CRM Webclient Cross-site Scripting Vulnerability 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-17147
CVE-2020-17145 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-17145
CVE-2020-17135 Azure DevOps Server Spoofing Vulnerability 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-17135
CVE-2016-4428 Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2016-4428
CVE-2014-9271 Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2014-9271
CVE-2021-3384 A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3384
CVE-2021-3281 In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3281
CVE-2021-27515 url-parse before 1.5.0 mishandles certain uses of backslash such as http:\\/ and interprets the URI as a relative path. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27515
CVE-2021-26027 An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26027
CVE-2021-23977 Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23977
CVE-2021-23346 This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23346
CVE-2021-23345 All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23345
CVE-2021-23126 An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23126
CVE-2021-22114 Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22114
CVE-2021-21973 The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21973
CVE-2021-21328 Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited counters and timers, which will eventually drain the system. 2. downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths for to `vapor_route_undefined` to avoid unlimited counters. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21328
CVE-2021-1229 A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an IPv6-configured interface receives a specific type of ICMPv6 packet. An attacker could exploit this vulnerability by sending a sustained rate of crafted ICMPv6 packets to a local IPv6 address on a targeted device. A successful exploit could allow the attacker to cause a system memory leak in the ICMPv6 process on the device. As a result, the ICMPv6 process could run out of system memory and stop processing traffic. The device could then drop all ICMPv6 packets, causing traffic instability on the device. Restoring device functionality would require a device reboot. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-1229
CVE-2020-36240 The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-36240
CVE-2020-28388 A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2012.12). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-28388
CVE-2020-14155 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14155
CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-13956
CVE-2020-12529 An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-12529
CVE-2020-11988 Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-11988
CVE-2020-11987 Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-11987
CVE-2021-27884 Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used. 5.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27884
CVE-2020-25085 QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. 5 https://nvd.nist.gov/vuln/detail/CVE-2020-25085
CVE-2021-21514 Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21514
CVE-2020-4719 The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2020-4719
CVE-2020-25678 A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2020-25678
CVE-2020-13977 Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2020-13977
CVE-2019-18628 Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2019-18628
CVE-2018-25004 A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.6; MongoDB Server v3.6 versions prior to 3.6.11. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2018-25004
CVE-2018-17206 An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2018-17206
CVE-2018-12438 The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2018-12438
CVE-2018-12437 LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2018-12437
CVE-2021-23347 The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23347
CVE-2021-21314 GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21314
CVE-2021-1724 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1724
CVE-2020-27218 In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27218
CVE-2020-2593 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2593
CVE-2021-1231 A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploit could allow the attacker to disable switching on the SFP interface, which could disrupt network traffic. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-1231
CVE-2020-1960 A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-1960
CVE-2021-2138 Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes to compromise Oracle Cloud Infrastructure Data Science Notebook Sessions. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data. All affected customers were notified of CVE-2021-2138 by Oracle. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) 4.6 https://nvd.nist.gov/vuln/detail/CVE-2021-2138
CVE-2020-12702 Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2020-12702
CVE-2021-26563 Improper access control vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows local users to obtain sensitive information via a crafted kernel module. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-26563
CVE-2021-25284 An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25284
CVE-2021-24100 Microsoft Edge for Android Information Disclosure Vulnerability 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24100
CVE-2021-21724 A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21724
CVE-2020-29660 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2020-29660
CVE-2019-19318 In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, 4.4 https://nvd.nist.gov/vuln/detail/CVE-2019-19318
CVE-2021-23969 As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23969
CVE-2021-23968 If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23968
CVE-2021-23963 When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23963
CVE-2021-23953 If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23953
CVE-2021-22187 An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 12.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22187
CVE-2021-21464 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21464
CVE-2021-21320 matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21320
CVE-2021-1367 A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-1367
CVE-2020-15966 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15966
CVE-2020-12527 An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-12527
CVE-2018-17204 An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-17204
CVE-2020-29443 ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. 3.9 https://nvd.nist.gov/vuln/detail/CVE-2020-29443
CVE-2020-2654 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2020-2654
CVE-2020-14779 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2020-14779
CVE-2017-15709 When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2017-15709
CVE-2021-3111 The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3111
CVE-2020-4725 IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2020-4725
CVE-2021-25341 Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25341
CVE-2021-22294 A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22294
CVE-2020-4726 The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-4726
CVE-2021-20203 An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. 3.2 https://nvd.nist.gov/vuln/detail/CVE-2021-20203
CVE-2021-25348 Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission. 2.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25348
CVE-2020-29480 An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest administrator can also use the special watches, which will cause a notification every time a domain is created and destroyed. Data may include: number, type, and domids of other VMs; existence and domids of driver domains; numbers of virtual interfaces, block devices, vcpus; existence of virtual framebuffers and their backend style (e.g., existence of VNC service); Xen VM UUIDs for other domains; timing information about domain creation and device setup; and some hints at the backend provisioning of VMs and their devices. The watch events do not contain values stored in xenstore, only key names. A guest administrator can observe non-sensitive domain and device lifecycle events relating to other guests. This information allows some insight into overall system configuration (including the number and general nature of other guests), and configuration of other guests (including the number and general nature of other guests' devices). This information might be commercially interesting or might make other attacks easier. There is not believed to be exposure of sensitive data. Specifically, there is no exposure of VNC passwords, port numbers, pathnames in host and guest filesystems, cryptographic keys, or within-guest data. 2.3 https://nvd.nist.gov/vuln/detail/CVE-2020-29480
CVE-2021-3417 An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file. https://nvd.nist.gov/vuln/detail/CVE-2021-3417
CVE-2021-3411 A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-3411
CVE-2021-3404 In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. https://nvd.nist.gov/vuln/detail/CVE-2021-3404
CVE-2021-3403 In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. https://nvd.nist.gov/vuln/detail/CVE-2021-3403
CVE-2021-28116 Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. https://nvd.nist.gov/vuln/detail/CVE-2021-28116
CVE-2021-28115 The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation. https://nvd.nist.gov/vuln/detail/CVE-2021-28115
CVE-2021-28006 Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-28006
CVE-2021-27965 The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request. https://nvd.nist.gov/vuln/detail/CVE-2021-27965
CVE-2021-27964 SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file. https://nvd.nist.gov/vuln/detail/CVE-2021-27964
CVE-2021-27963 SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header. https://nvd.nist.gov/vuln/detail/CVE-2021-27963
CVE-2021-27940 resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-27940
CVE-2021-27935 An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. https://nvd.nist.gov/vuln/detail/CVE-2021-27935
CVE-2021-27931 LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-27931
CVE-2021-27927 In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x before 5.2.4rc1, and 5.3.x and 5.4.x before 5.4.0alpha1, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. https://nvd.nist.gov/vuln/detail/CVE-2021-27927
CVE-2021-27907 Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascript code. https://nvd.nist.gov/vuln/detail/CVE-2021-27907
CVE-2021-27885 usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. https://nvd.nist.gov/vuln/detail/CVE-2021-27885
CVE-2021-27839 A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to. https://nvd.nist.gov/vuln/detail/CVE-2021-27839
CVE-2021-27592 When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-27592
CVE-2021-27591 When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-27591
CVE-2021-27590 When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-27590
CVE-2021-27589 When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-27589
CVE-2021-27588 When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-27588
CVE-2021-27587 When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-27587
CVE-2021-27586 When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-27586
CVE-2021-27585 When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-27585
CVE-2021-27584 When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-27584
CVE-2021-27581 The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-27581
CVE-2021-27365 An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. https://nvd.nist.gov/vuln/detail/CVE-2021-27365
CVE-2021-27364 An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. https://nvd.nist.gov/vuln/detail/CVE-2021-27364
CVE-2021-27363 An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. https://nvd.nist.gov/vuln/detail/CVE-2021-27363
CVE-2021-27257 This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362. https://nvd.nist.gov/vuln/detail/CVE-2021-27257
CVE-2021-27256 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355. https://nvd.nist.gov/vuln/detail/CVE-2021-27256
CVE-2021-27255 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360. https://nvd.nist.gov/vuln/detail/CVE-2021-27255
CVE-2021-27254 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287. https://nvd.nist.gov/vuln/detail/CVE-2021-27254
CVE-2021-27222 In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS. https://nvd.nist.gov/vuln/detail/CVE-2021-27222
CVE-2021-27217 An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product. https://nvd.nist.gov/vuln/detail/CVE-2021-27217
CVE-2021-27215 An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user. https://nvd.nist.gov/vuln/detail/CVE-2021-27215
CVE-2021-27099 In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of an EC2 tag prior to attestation, and the attestor is configured for agent ID templating where the tag value is the last element in the path. This issue has been fixed in SPIRE versions 0.11.3 and 0.12.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27099
CVE-2021-27098 In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1. https://nvd.nist.gov/vuln/detail/CVE-2021-27098
CVE-2021-26989 Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access. https://nvd.nist.gov/vuln/detail/CVE-2021-26989
CVE-2021-26988 Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs. https://nvd.nist.gov/vuln/detail/CVE-2021-26988
CVE-2021-26971 A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. https://nvd.nist.gov/vuln/detail/CVE-2021-26971
CVE-2021-26970 A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. https://nvd.nist.gov/vuln/detail/CVE-2021-26970
CVE-2021-26969 A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. https://nvd.nist.gov/vuln/detail/CVE-2021-26969
CVE-2021-26968 A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. https://nvd.nist.gov/vuln/detail/CVE-2021-26968
CVE-2021-26967 A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface. https://nvd.nist.gov/vuln/detail/CVE-2021-26967
CVE-2021-26966 A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. https://nvd.nist.gov/vuln/detail/CVE-2021-26966
CVE-2021-26965 A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. https://nvd.nist.gov/vuln/detail/CVE-2021-26965
CVE-2021-26964 A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. https://nvd.nist.gov/vuln/detail/CVE-2021-26964
CVE-2021-26963 A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. https://nvd.nist.gov/vuln/detail/CVE-2021-26963
CVE-2021-26962 A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. https://nvd.nist.gov/vuln/detail/CVE-2021-26962
CVE-2021-26961 A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. https://nvd.nist.gov/vuln/detail/CVE-2021-26961
CVE-2021-26960 A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. https://nvd.nist.gov/vuln/detail/CVE-2021-26960
CVE-2021-26814 Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script. https://nvd.nist.gov/vuln/detail/CVE-2021-26814
CVE-2021-26788 Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected by incorrect input validation, which may cause a denial of service (DoS). To exploit the vulnerability, an attacker needs to have TCP connectivity to the target system. Receiving a maliciously crafted TCP packet from an unauthenticated endpoint is sufficient to trigger the bug. https://nvd.nist.gov/vuln/detail/CVE-2021-26788
CVE-2021-26705 An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within the application, such as disclosing password hashes. https://nvd.nist.gov/vuln/detail/CVE-2021-26705
CVE-2021-26294 An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password). https://nvd.nist.gov/vuln/detail/CVE-2021-26294
CVE-2021-26293 An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x. https://nvd.nist.gov/vuln/detail/CVE-2021-26293
CVE-2021-26029 An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field. https://nvd.nist.gov/vuln/detail/CVE-2021-26029
CVE-2021-26028 An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path. https://nvd.nist.gov/vuln/detail/CVE-2021-26028
CVE-2021-25915 Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-25915
CVE-2021-25347 Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed. https://nvd.nist.gov/vuln/detail/CVE-2021-25347
CVE-2021-25345 Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format. https://nvd.nist.gov/vuln/detail/CVE-2021-25345
CVE-2021-25344 Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission. https://nvd.nist.gov/vuln/detail/CVE-2021-25344
CVE-2021-25343 Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. https://nvd.nist.gov/vuln/detail/CVE-2021-25343
CVE-2021-25342 Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. https://nvd.nist.gov/vuln/detail/CVE-2021-25342
CVE-2021-25340 Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State. https://nvd.nist.gov/vuln/detail/CVE-2021-25340
CVE-2021-25339 Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. https://nvd.nist.gov/vuln/detail/CVE-2021-25339
CVE-2021-25338 Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. https://nvd.nist.gov/vuln/detail/CVE-2021-25338
CVE-2021-25337 Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. https://nvd.nist.gov/vuln/detail/CVE-2021-25337
CVE-2021-25336 Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent. https://nvd.nist.gov/vuln/detail/CVE-2021-25336
CVE-2021-25335 Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition. https://nvd.nist.gov/vuln/detail/CVE-2021-25335
CVE-2021-25334 Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-25334
CVE-2021-25333 Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code. https://nvd.nist.gov/vuln/detail/CVE-2021-25333
CVE-2021-25332 Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition. https://nvd.nist.gov/vuln/detail/CVE-2021-25332
CVE-2021-25331 Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition. https://nvd.nist.gov/vuln/detail/CVE-2021-25331
CVE-2021-25315 A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. https://nvd.nist.gov/vuln/detail/CVE-2021-25315
CVE-2021-25313 A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6. https://nvd.nist.gov/vuln/detail/CVE-2021-25313
CVE-2021-25252 Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. https://nvd.nist.gov/vuln/detail/CVE-2021-25252
CVE-2021-24033 react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you. https://nvd.nist.gov/vuln/detail/CVE-2021-24033
CVE-2021-23353 This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function. https://nvd.nist.gov/vuln/detail/CVE-2021-23353
CVE-2021-23352 This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function. https://nvd.nist.gov/vuln/detail/CVE-2021-23352
CVE-2021-23351 The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in the code, a deliberately malformed V1 header could be used to exhaust memory in a server process using this code - and create a DoS. This can be exploited by sending a stream starting with PROXY and continuing to send data (which does not contain a newline) until the target stops acknowledging. The risk here is small, because only trusted sources should be allowed to send proxy protocol headers. https://nvd.nist.gov/vuln/detail/CVE-2021-23351
CVE-2021-23273 The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0. https://nvd.nist.gov/vuln/detail/CVE-2021-23273
CVE-2021-22884 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. https://nvd.nist.gov/vuln/detail/CVE-2021-22884
CVE-2021-22883 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. https://nvd.nist.gov/vuln/detail/CVE-2021-22883
CVE-2021-22878 Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. https://nvd.nist.gov/vuln/detail/CVE-2021-22878
CVE-2021-22877 A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet. https://nvd.nist.gov/vuln/detail/CVE-2021-22877
CVE-2021-22681 Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. https://nvd.nist.gov/vuln/detail/CVE-2021-22681
CVE-2021-22189 Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. https://nvd.nist.gov/vuln/detail/CVE-2021-22189
CVE-2021-22188 An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs. https://nvd.nist.gov/vuln/detail/CVE-2021-22188
CVE-2021-22183 An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions. https://nvd.nist.gov/vuln/detail/CVE-2021-22183
CVE-2021-22134 A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view. https://nvd.nist.gov/vuln/detail/CVE-2021-22134
CVE-2021-22128 An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. https://nvd.nist.gov/vuln/detail/CVE-2021-22128
CVE-2021-21979 In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application. https://nvd.nist.gov/vuln/detail/CVE-2021-21979
CVE-2021-21978 VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container. https://nvd.nist.gov/vuln/detail/CVE-2021-21978
CVE-2021-21725 A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2. https://nvd.nist.gov/vuln/detail/CVE-2021-21725
CVE-2021-21510 Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections. https://nvd.nist.gov/vuln/detail/CVE-2021-21510
CVE-2021-21506 PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privileges escalation. https://nvd.nist.gov/vuln/detail/CVE-2021-21506
CVE-2021-21503 PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation. https://nvd.nist.gov/vuln/detail/CVE-2021-21503
CVE-2021-21493 When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-21493
CVE-2021-21488 Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability. https://nvd.nist.gov/vuln/detail/CVE-2021-21488
CVE-2021-21487 SAP Payment Engine version 500, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-21487
CVE-2021-21486 SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-21486
CVE-2021-21484 LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind. https://nvd.nist.gov/vuln/detail/CVE-2021-21484
CVE-2021-21481 The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability. https://nvd.nist.gov/vuln/detail/CVE-2021-21481
CVE-2021-21480 SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by Users having at least SAP_XMII_Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. https://nvd.nist.gov/vuln/detail/CVE-2021-21480
CVE-2021-21369 Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prior to making any requests to an API endpoint the requestor must use the login endpoint to obtain a JSON web token (JWT) using their credentials. A single user can readily overload the login endpoint with invalid requests (incorrect password). As the supplied password is checked for validity on the main vertx event loop and takes a relatively long time this can cause the processing of other valid requests to fail. A valid username is required for this vulnerability to be exposed. This has been fixed in version 1.5.1. https://nvd.nist.gov/vuln/detail/CVE-2021-21369
CVE-2021-21362 MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone is impacted who uses MinIO multi-users. This is fixed in version RELEASE.2021-03-04T00-53-13Z. As a workaround, one can disable uploads with `Content-Type: multipart/form-data` as mentioned in the S3 API RESTObjectPOST docs by using a proxy in front of MinIO. https://nvd.nist.gov/vuln/detail/CVE-2021-21362
CVE-2021-21361 The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0. https://nvd.nist.gov/vuln/detail/CVE-2021-21361
CVE-2021-21360 Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic Setup Tool. The problem has been fixed in version 2.1.1. Depending on how you have installed Products.GenericSetup, you should change the buildout version pin to 2.1.1 and re-run the buildout, or if you used pip simply do pip install `"Products.GenericSetup>=2.1.1"`. https://nvd.nist.gov/vuln/detail/CVE-2021-21360
CVE-2021-21354 Pollbot is open source software which "frees its human masters from the toilsome task of polling for the state of things during the Firefox release process." In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of "https://pollbot.services.mozilla.com/". An attacker can redirect anyone to malicious sites. To Reproduce type in this URL: "https://pollbot.services.mozilla.com//evil.com/". Affected versions will redirect to that website when you inject a payload like "//evil.com/". This is fixed in version 1.4.4. https://nvd.nist.gov/vuln/detail/CVE-2021-21354
CVE-2021-21337 Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a different website. The problem has been fixed in version 2.6.1. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to `2.6.1` and re-run the buildout, or if you used `pip` simply do `pip install "Products.PluggableAuthService>=2.6.1". https://nvd.nist.gov/vuln/detail/CVE-2021-21337
CVE-2021-21336 Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install "Products.PluggableAuthService>=2.6.0"`. https://nvd.nist.gov/vuln/detail/CVE-2021-21336
CVE-2021-21335 In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of spnego-http-auth-nginx-module. As a workaround, one may disable basic authentication. https://nvd.nist.gov/vuln/detail/CVE-2021-21335
CVE-2021-21331 The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed locally to other users. This vulnerability exists in the API Client for version 1 and 2. The method `prepareDownloadFilecreates` creates a temporary file with the permissions bits of `-rw-r--r--` on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded via the `downloadFileFromResponse` method will be visible to all other users on the local system. Analysis of the finding determined that the affected code was unused, meaning that the exploitation likelihood is low. The unused code has been removed, effectively mitigating this issue. This issue has been patched in version 1.0.0-beta.9. As a workaround one may specify `java.io.tmpdir` when starting the JVM with the flag `-Djava.io.tmpdir`, specifying a path to a directory with `drw-------` permissions owned by `dd-agent`. https://nvd.nist.gov/vuln/detail/CVE-2021-21331
CVE-2021-21329 RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b. https://nvd.nist.gov/vuln/detail/CVE-2021-21329
CVE-2021-21327 GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to carry out malicious attacks, or to start a “POP chain”. As an example of direct impact, this vulnerability affects integrity of the GLPI core platform and third-party plugins runtime misusing classes which implement some sensitive operations in their constructors or destructors. This is fixed in version 9.5.4. https://nvd.nist.gov/vuln/detail/CVE-2021-21327
CVE-2021-21326 GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fixed in version 9.5.4. https://nvd.nist.gov/vuln/detail/CVE-2021-21326
CVE-2021-21325 GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be defined by user. This input is not correctly filtered. This results in a cross-site scripting attack. To exploit this endpoint attacker need to be authenticated. This is fixed in version 9.5.4. https://nvd.nist.gov/vuln/detail/CVE-2021-21325
CVE-2021-21324 GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This vulnerability gives an unauthorized user the ability to enumerate GLPI items names (including users logins) using the knowbase search form (requires authentication). To Reproduce: Perform a valid authentication at your GLPI instance, Browse the ticket list and select any open ticket, click on Solution form, then Search a solution form that will redirect you to the endpoint /"glpi/front/knowbaseitem.php?item_itemtype=Ticket&item_items_id=18&forcetab=Knowbase$1", and the item_itemtype=Ticket parameter present in the previous URL will point to the PHP alias of glpi_tickets table, so just replace it with "Users" to point to glpi_users table instead; in the same way, item_items_id=18 will point to the related column id, so changing it too you should be able to enumerate all the content which has an alias. Since such id(s) are obviously incremental, a malicious party could exploit the vulnerability simply by guessing-based attempts. https://nvd.nist.gov/vuln/detail/CVE-2021-21324
CVE-2021-21312 GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/document.form.php endpoint), indeed one of the form field: "Web Link" is not properly sanitized and a malicious user (who has document upload rights) can use it to deliver JavaScript payload. For example if you use the following payload: " accesskey="x" onclick="alert(1)" x=", the content will be saved within the database without any control. And then once you return to the summary documents page, by clicking on the "Web Link" of the newly created file it will create a new empty tab, but on the initial tab the pop-up "1" will appear. https://nvd.nist.gov/vuln/detail/CVE-2021-21312
CVE-2021-21300 Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. https://nvd.nist.gov/vuln/detail/CVE-2021-21300
CVE-2021-21295 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. https://nvd.nist.gov/vuln/detail/CVE-2021-21295
CVE-2021-21190 Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. https://nvd.nist.gov/vuln/detail/CVE-2021-21190
CVE-2021-21189 Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21189
CVE-2021-21188 Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21188
CVE-2021-21187 Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. https://nvd.nist.gov/vuln/detail/CVE-2021-21187
CVE-2021-21186 Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code. https://nvd.nist.gov/vuln/detail/CVE-2021-21186
CVE-2021-21185 Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension. https://nvd.nist.gov/vuln/detail/CVE-2021-21185
CVE-2021-21184 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21184
CVE-2021-21183 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21183
CVE-2021-21182 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21182
CVE-2021-21181 Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21181
CVE-2021-21180 Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21180
CVE-2021-21179 Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21179
CVE-2021-21178 Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21178
CVE-2021-21177 Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21177
CVE-2021-21176 Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21176
CVE-2021-21175 Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21175
CVE-2021-21174 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21174
CVE-2021-21173 Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21173
CVE-2021-21172 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21172
CVE-2021-21171 Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21171
CVE-2021-21170 Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21170
CVE-2021-21169 Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21169
CVE-2021-21168 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21168
CVE-2021-21167 Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21167
CVE-2021-21166 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21166
CVE-2021-21165 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21165
CVE-2021-21164 Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21164
CVE-2021-21163 Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. https://nvd.nist.gov/vuln/detail/CVE-2021-21163
CVE-2021-21162 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21162
CVE-2021-21161 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21161
CVE-2021-21160 Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21160
CVE-2021-21159 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-21159
CVE-2021-20665 Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-20665
CVE-2021-20664 Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-20664
CVE-2021-20663 Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2021-20663
CVE-2021-20341 IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513. https://nvd.nist.gov/vuln/detail/CVE-2021-20341
CVE-2021-20276 A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-20276
CVE-2021-20275 A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-20275
CVE-2021-20274 A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. https://nvd.nist.gov/vuln/detail/CVE-2021-20274
CVE-2021-20273 A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. https://nvd.nist.gov/vuln/detail/CVE-2021-20273
CVE-2021-20272 A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. https://nvd.nist.gov/vuln/detail/CVE-2021-20272
CVE-2021-20268 An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20268
CVE-2021-20263 A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. https://nvd.nist.gov/vuln/detail/CVE-2021-20263
CVE-2021-20262 A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20262
CVE-2021-20255 A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20255
CVE-2021-20253 A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20253
CVE-2021-20246 A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20246
CVE-2021-20245 A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20245
CVE-2021-20244 A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20244
CVE-2021-20243 A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20243
CVE-2021-20241 A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20241
CVE-2021-20233 A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20233
CVE-2021-20225 A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20225
CVE-2021-20076 Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. https://nvd.nist.gov/vuln/detail/CVE-2021-20076
CVE-2020-8357 A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations. https://nvd.nist.gov/vuln/detail/CVE-2020-8357
CVE-2020-8356 An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file. https://nvd.nist.gov/vuln/detail/CVE-2020-8356
CVE-2020-5148 SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. https://nvd.nist.gov/vuln/detail/CVE-2020-5148
CVE-2020-5014 IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247. https://nvd.nist.gov/vuln/detail/CVE-2020-5014
CVE-2020-4975 IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435. https://nvd.nist.gov/vuln/detail/CVE-2020-4975
CVE-2020-4903 IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105. https://nvd.nist.gov/vuln/detail/CVE-2020-4903
CVE-2020-4695 IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2020-4695
CVE-2020-36255 An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens. https://nvd.nist.gov/vuln/detail/CVE-2020-36255
CVE-2020-35636 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2020-35636
CVE-2020-35628 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2020-35628
CVE-2020-35594 Zoho ManageEngine ADManager Plus before 7066 allows XSS. https://nvd.nist.gov/vuln/detail/CVE-2020-35594
CVE-2020-35524 A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2020-35524
CVE-2020-35523 An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2020-35523
CVE-2020-35522 In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. https://nvd.nist.gov/vuln/detail/CVE-2020-35522
CVE-2020-35521 A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. https://nvd.nist.gov/vuln/detail/CVE-2020-35521
CVE-2020-35451 There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation. https://nvd.nist.gov/vuln/detail/CVE-2020-35451
CVE-2020-35327 SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php https://nvd.nist.gov/vuln/detail/CVE-2020-35327
CVE-2020-29658 Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation. https://nvd.nist.gov/vuln/detail/CVE-2020-29658
CVE-2020-29134 TOTVS Fluig Platform allows directory traversal via a base64 encoded in paremeter "file=../" to a volume/stream/ URI. This affects: Fluig Lake 1.7.0-210217, Fluig Lake 1.7.0-210209, Fluig Lake 1.7.0-210112, Fluig Lake 1.7.0-201222, Fluig Lake 1.7.0-201215, Fluig Lake 1.7.0-201201,Fluig Lake 1.7.0-201124, Fluig Lake 1.7.0-201117, Fluig Lake 1.7.0-201103, Fluig Lake 1.7.0-201027, Fluig Lake 1.7.0-201020, Fluig Lake 1.7.0-201013, Fluig Lake 1.7.0-201006, Fluig Lake 1.7.0-200915, Fluig Lake 1.7.0-200907, Fluig Lake 1.7.0-200901, Fluig Lake 1.7.0-200825, Fluig Lake 1.7.0-200818, Fluig Lake 1.7.0-200804, Fluig Lake 1.7.0-200616), Fluig 1.6.5-200915, Fluig 1.6.5-200128, Fluig 1.6.5-191029, and Fluig 1.6.4-181026. https://nvd.nist.gov/vuln/detail/CVE-2020-29134
CVE-2020-29047 The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php. https://nvd.nist.gov/vuln/detail/CVE-2020-29047
CVE-2020-29032 Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022 https://nvd.nist.gov/vuln/detail/CVE-2020-29032
CVE-2020-29030 Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4. https://nvd.nist.gov/vuln/detail/CVE-2020-29030
CVE-2020-29029 Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. https://nvd.nist.gov/vuln/detail/CVE-2020-29029
CVE-2020-29028 Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. https://nvd.nist.gov/vuln/detail/CVE-2020-29028
CVE-2020-29020 Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. https://nvd.nist.gov/vuln/detail/CVE-2020-29020
CVE-2020-28952 An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely known key that is designed for testing purposes: "01030507090b0d0f00020406080a0c0d" (the decimal equivalent of 1 3 5 7 9 11 13 15 0 2 4 6 8 10 12 13), which is human generated and static across all issued devices. https://nvd.nist.gov/vuln/detail/CVE-2020-28952
CVE-2020-28636 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2020-28636
CVE-2020-28601 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2020-28601
CVE-2020-28597 A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice. https://nvd.nist.gov/vuln/detail/CVE-2020-28597
CVE-2020-28591 An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2020-28591
CVE-2020-28466 This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git. https://nvd.nist.gov/vuln/detail/CVE-2020-28466
CVE-2020-28150 I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect. https://nvd.nist.gov/vuln/detail/CVE-2020-28150
CVE-2020-28050 Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. https://nvd.nist.gov/vuln/detail/CVE-2020-28050
CVE-2020-27838 A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2020-27838
CVE-2020-27779 A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2020-27779
CVE-2020-27749 A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2020-27749
CVE-2020-27576 Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2020-27576
CVE-2020-27575 Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation. https://nvd.nist.gov/vuln/detail/CVE-2020-27575
CVE-2020-27574 Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user. https://nvd.nist.gov/vuln/detail/CVE-2020-27574
CVE-2020-27225 In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. https://nvd.nist.gov/vuln/detail/CVE-2020-27225
CVE-2020-25647 A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2020-25647
CVE-2020-25639 A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. https://nvd.nist.gov/vuln/detail/CVE-2020-25639
CVE-2020-25632 A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2020-25632
CVE-2020-24914 A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. https://nvd.nist.gov/vuln/detail/CVE-2020-24914
CVE-2020-24912 A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. https://nvd.nist.gov/vuln/detail/CVE-2020-24912
CVE-2020-24036 PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. https://nvd.nist.gov/vuln/detail/CVE-2020-24036
CVE-2020-23967 Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\\SYSTEM due to insufficient control during autoupdate. https://nvd.nist.gov/vuln/detail/CVE-2020-23967
CVE-2020-15938 When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. https://nvd.nist.gov/vuln/detail/CVE-2020-15938
CVE-2020-14372 A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2020-14372
CVE-2020-13554 An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. https://nvd.nist.gov/vuln/detail/CVE-2020-13554
CVE-2019-25025 The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782. https://nvd.nist.gov/vuln/detail/CVE-2019-25025
CVE-2019-18630 On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure. https://nvd.nist.gov/vuln/detail/CVE-2019-18630
CVE-2019-18629 Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key. https://nvd.nist.gov/vuln/detail/CVE-2019-18629
CVE-2019-18351 An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6.1, and through 17.0.0; and Certified Asterisk through 13.21-cert4. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. https://nvd.nist.gov/vuln/detail/CVE-2019-18351
CVE-2014-9323 The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. https://nvd.nist.gov/vuln/detail/CVE-2014-9323
CVE-2014-8578 Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475. https://nvd.nist.gov/vuln/detail/CVE-2014-8578
CVE-2014-8124 OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. https://nvd.nist.gov/vuln/detail/CVE-2014-8124
CVE-2014-3594 Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name. https://nvd.nist.gov/vuln/detail/CVE-2014-3594
CVE-2014-3475 Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. https://nvd.nist.gov/vuln/detail/CVE-2014-3475
CVE-2014-3474 Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. https://nvd.nist.gov/vuln/detail/CVE-2014-3474
CVE-2014-3473 Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. https://nvd.nist.gov/vuln/detail/CVE-2014-3473
CVE-2014-1520 maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process. https://nvd.nist.gov/vuln/detail/CVE-2014-1520
CVE-2013-6858 Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page. https://nvd.nist.gov/vuln/detail/CVE-2013-6858
CVE-2013-4560 Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. https://nvd.nist.gov/vuln/detail/CVE-2013-4560
CVE-2013-4471 The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user. https://nvd.nist.gov/vuln/detail/CVE-2013-4471
CVE-2012-0392 The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. https://nvd.nist.gov/vuln/detail/CVE-2012-0392
CVE-2011-4362 Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. https://nvd.nist.gov/vuln/detail/CVE-2011-4362
CVE-2011-0762 The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. https://nvd.nist.gov/vuln/detail/CVE-2011-0762
CVE-2009-20001 An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them. https://nvd.nist.gov/vuln/detail/CVE-2009-20001
CVE-2008-6714 admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie. https://nvd.nist.gov/vuln/detail/CVE-2008-6714
CVE-2006-6576 Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634. https://nvd.nist.gov/vuln/detail/CVE-2006-6576
CVE-2021-21313 GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not properly sanitized. Here are two payloads (due to two different exploitations depending on which parameter you act) to exploit the vulnerability:/ajax/common.tabs.php?_target=javascript\:alert\(document.cookie)&_itemtype=DisplayPreference&_glpi_tab=DisplayPreference$2&id=258&displaytype=Ticket (Payload triggered if you click on the button). /ajax/common.tabs.php?_target=/front/ticket.form.php&_itemtype=Ticket&_glpi_tab=Ticket$1&id=(){};(function%20(){alert\(document.cookie);})();function%20a&#. https://nvd.nist.gov/vuln/detail/CVE-2021-21313