Security Bulletin 7 Apr 2021

Published on 07 Apr 2021

Updated on 14 Apr 2021

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2020-6287 SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check. 10 https://nvd.nist.gov/vuln/detail/CVE-2020-6287
CVE-2021-22987 On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2021-22987
CVE-2021-21345 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21345
CVE-2021-3378 FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3378
CVE-2021-3197 An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3197
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3177
CVE-2021-3148 An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3148
CVE-2021-3129 Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3129
CVE-2021-29940 An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29940
CVE-2021-29937 An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size(). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29937
CVE-2021-29936 An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29936
CVE-2021-29417 gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29417
CVE-2021-28967 The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28967
CVE-2021-28955 git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28955
CVE-2021-28834 Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28834
CVE-2021-28794 The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28794
CVE-2021-28673 Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before 33.61.23 and 33.59.01 (Bridge), B7025/30/35 before 58.61.23 and 58.59.11 (Bridge), C400 before 67.61.23 and 67.59.01 (Bridge), C405 before 68.61.23 and 68.59.01 (Bridge), C500/C600 before 61.61.23 and 61.59.01 (Bridge), C505/C605 before 62.61.23 and 62.59.11 (Bridge), C7000 before 56.61.23 and 56.59.01 (Bridge), C7020/25/30 before 57.61.23 and 57.59.01 (Bridge), C8000/C9000 before 70.61.23 and 70.59.01 (Bridge), allows remote attackers with "a weaponized clone file" to execute arbitrary commands in the Web User Interface. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28673
CVE-2021-28672 Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 allows remote attackers to execute arbitrary code through a buffer overflow in Web page parameter handling. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28672
CVE-2021-28671 Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 have a remote Command Execution vulnerability in the Web User Interface that allows remote attackers with "a weaponized clone file" to execute arbitrary commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28671
CVE-2021-28668 Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28668
CVE-2021-27193 Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27193
CVE-2021-26810 D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26810
CVE-2021-26714 The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26714
CVE-2021-26701 .NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26701
CVE-2021-26295 Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26295
CVE-2021-26120 Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26120
CVE-2021-25283 An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25283
CVE-2021-25281 An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25281
CVE-2021-25149 A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25149
CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23358
CVE-2021-22992 On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22992
CVE-2021-22991 On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22991
CVE-2021-22986 On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22986
CVE-2021-21350 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21350
CVE-2021-21347 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21347
CVE-2021-21346 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21346
CVE-2021-21344 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21344
CVE-2021-1628 MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1628
CVE-2021-1627 MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1627
CVE-2021-1626 MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1626
CVE-2020-9480 In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9480
CVE-2020-7247 smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7247
CVE-2020-6207 SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6207
CVE-2020-35636 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35636
CVE-2020-35308 CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35308
CVE-2020-35138 The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the com/mobileiron/common/utils/C4928m.java file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35138
CVE-2020-28636 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28636
CVE-2020-28601 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28601
CVE-2020-28172 A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28172
CVE-2020-27846 A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27846
CVE-2020-25583 In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25583
CVE-2020-25577 In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25577
CVE-2020-25218 Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25218
CVE-2020-24636 A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24636
CVE-2020-24391 mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24391
CVE-2020-1946 In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1946
CVE-2020-17523 Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17523
CVE-2020-17510 Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17510
CVE-2020-15227 Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15227
CVE-2019-5319 A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5319
CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17571
CVE-2019-14906 A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-14906
CVE-2019-12419 Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-12419
CVE-2018-5382 The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-5382
CVE-2018-14009 Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-14009
CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-5645
CVE-2017-15708 In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-15708
CVE-2016-4464 The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-4464
CVE-2016-4422 The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-4422
CVE-2016-3147 Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-3147
CVE-2012-0803 The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2012-0803
CVE-2021-3144 In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3144
CVE-2021-28918 Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-28918
CVE-2021-28670 Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-28670
CVE-2021-25282 An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25282
CVE-2021-23921 An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23921
CVE-2021-23005 On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23005
CVE-2021-22989 On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22989
CVE-2021-21982 VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21982
CVE-2021-21351 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21351
CVE-2021-21342 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21342
CVE-2021-20078 Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20078
CVE-2019-20445 HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2019-20445
CVE-2019-20444 HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." 9.1 https://nvd.nist.gov/vuln/detail/CVE-2019-20444
CVE-2019-20367 nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). 9.1 https://nvd.nist.gov/vuln/detail/CVE-2019-20367

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2021-3133 The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3133
CVE-2021-29658 The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29658
CVE-2021-28792 The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite, swift.path.sourcekiteDockerMode, swift.path.swift_driver_bin, or swift.path.shell configuration value that triggers execution upon opening the workspace. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28792
CVE-2021-27243 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-11924. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27243
CVE-2021-27242 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27242
CVE-2021-27239 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27239
CVE-2021-26919 Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26919
CVE-2021-25924 In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands in the post_backup_script field. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25924
CVE-2021-25646 Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25646
CVE-2021-25150 A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25150
CVE-2021-25144 A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25144
CVE-2021-23988 Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23988
CVE-2021-23987 Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23987
CVE-2021-23363 This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23363
CVE-2021-23348 This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23348
CVE-2021-22993 On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22993
CVE-2021-22988 On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22988
CVE-2021-22538 A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their own. This occurs due to insufficient checks on the allowed set of permissions. The new user creation event would be captured in the Event Log. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22538
CVE-2021-21782 An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21782
CVE-2021-21638 A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21638
CVE-2021-21633 A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21633
CVE-2021-21629 A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21629
CVE-2021-21412 Potential for arbitrary code execution in npm package @thi.ng/egf `#gpg`-tagged property values (only if `decrypt: true` option is enabled). PR with patch has been submitted and will has been released as of v0.4.0 By default the EGF parse functions do NOT attempt to decrypt values (since GPG only available in non-browser env). However, if GPG encrypted values are used/required: 1. Perform a regex search for `#gpg`-tagged values in the EGF source file/string and check for backtick (\\`) chars in the encrypted value string 2. Replace/remove them or skip parsing if present. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21412
CVE-2021-21389 BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21389
CVE-2021-21372 Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21372
CVE-2021-21190 Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21190
CVE-2021-21188 Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21188
CVE-2021-21180 Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21180
CVE-2021-21179 Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21179
CVE-2021-21174 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21174
CVE-2021-21169 Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21169
CVE-2021-21167 Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21167
CVE-2021-21166 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21166
CVE-2021-21165 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21165
CVE-2021-21162 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21162
CVE-2021-21161 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21161
CVE-2021-21160 Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21160
CVE-2021-21159 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21159
CVE-2020-8112 opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8112
CVE-2020-7468 In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7468
CVE-2020-6507 Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6507
CVE-2020-35135 The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35135
CVE-2020-28695 Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28695
CVE-2020-27920 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content may lead to code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27920
CVE-2020-19641 An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/formUserMng'. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-19641
CVE-2020-19639 Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-19639
CVE-2020-13936 An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13936
CVE-2017-7662 Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-7662
CVE-2017-7661 Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-7661
CVE-2017-12631 Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a security context that is set up using a malicious client's roles for the given enduser. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-12631
CVE-2020-25582 In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. 8.7 https://nvd.nist.gov/vuln/detail/CVE-2020-25582
CVE-2021-22659 Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-22659
CVE-2021-21349 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-21349
CVE-2020-25097 An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-25097
CVE-2021-21332 Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-21332
CVE-2020-35517 A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2020-35517
CVE-2020-11988 Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2020-11988
CVE-2021-28546 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to modify content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-28546
CVE-2021-27245 This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27245
CVE-2021-25162 A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25162
CVE-2021-25148 A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25148
CVE-2021-23981 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23981
CVE-2021-23923 An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23923
CVE-2021-21772 A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21772
CVE-2021-21172 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21172
CVE-2021-20235 There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20235
CVE-2020-28052 An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-28052
CVE-2019-13616 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2019-13616
CVE-2018-8039 It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2018-8039
CVE-2017-7571 public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges. 8 https://nvd.nist.gov/vuln/detail/CVE-2017-7571
CVE-2021-29098 Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29098
CVE-2021-29097 Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29097
CVE-2021-29096 A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29096
CVE-2021-28954 In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28954
CVE-2021-28953 The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28953
CVE-2021-28818 The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28818
CVE-2021-28791 The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28791
CVE-2021-28790 The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28790
CVE-2021-28789 The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28789
CVE-2021-28660 rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28660
CVE-2021-28375 An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28375
CVE-2021-27579 Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27579
CVE-2021-27365 An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27365
CVE-2021-27271 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27271
CVE-2021-27270 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12230. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27270
CVE-2021-27269 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-12390. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27269
CVE-2021-27268 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12295. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27268
CVE-2021-27267 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12294. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27267
CVE-2021-27261 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12269. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27261
CVE-2021-27240 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DataGridService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. Was ZDI-CAN-12009. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27240
CVE-2021-26930 An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26930
CVE-2021-25352 Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25352
CVE-2021-25349 Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25349
CVE-2021-21776 An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21776
CVE-2021-21773 An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21773
CVE-2021-21420 vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21420
CVE-2021-20226 A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20226
CVE-2021-20194 There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20194
CVE-2020-9147 A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9147
CVE-2020-7850 NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7850
CVE-2020-6656 Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6656
CVE-2020-6655 The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6655
CVE-2020-28243 An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28243
CVE-2020-27931 A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27931
CVE-2020-27924 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27924
CVE-2020-27923 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27923
CVE-2020-27922 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27922
CVE-2020-27919 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27919
CVE-2020-27918 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27918
CVE-2020-27814 A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27814
CVE-2020-24995 Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24995
CVE-2020-12497 PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12497
CVE-2020-10642 In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10642
CVE-2019-19787 ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19787
CVE-2019-19786 ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19786
CVE-2019-19785 ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19785
CVE-2017-8927 Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-8927
CVE-2017-6669 Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The following client builds are affected by this vulnerability: Cisco WebEx Business Suite (WBS29) client builds prior to T29.13.130, Cisco WebEx Business Suite (WBS30) client builds prior to T30.17, Cisco WebEx Business Suite (WBS31) client builds prior to T31.10. Cisco Bug IDs: CSCvc47758 CSCvc51227 CSCvc51242. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-6669
CVE-2017-2886 A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2886
CVE-2020-7467 In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped. 7.6 https://nvd.nist.gov/vuln/detail/CVE-2020-7467
CVE-2021-29938 An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29938
CVE-2021-29933 An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29933
CVE-2021-29932 An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29932
CVE-2021-29931 An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop(). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29931
CVE-2021-29930 An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default(). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29930
CVE-2021-29929 An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29929
CVE-2021-29376 ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29376
CVE-2021-29255 MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29255
CVE-2021-29249 BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29249
CVE-2021-28994 kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28994
CVE-2021-28937 The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28937
CVE-2021-28936 The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous authentication is required. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28936
CVE-2021-28831 decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28831
CVE-2021-28669 Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28669
CVE-2021-28245 PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28245
CVE-2021-28165 In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28165
CVE-2021-28117 libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28117
CVE-2021-27358 The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27358
CVE-2021-26119 Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26119
CVE-2021-25143 A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25143
CVE-2021-23924 An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23924
CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23840
CVE-2021-23004 On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23004
CVE-2021-23003 On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23003
CVE-2021-23000 On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23000
CVE-2021-22999 On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22999
CVE-2021-22997 On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22997
CVE-2021-22996 On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS) and impact the stability of a BIG-IQ high availability (HA) cluster. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22996
CVE-2021-22995 On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22995
CVE-2021-22506 Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22506
CVE-2021-21975 Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21975
CVE-2021-21727 A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects:<ZXHN F623><All versions up to V6.0.0P3T33> 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21727
CVE-2021-21348 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21348
CVE-2021-21343 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21343
CVE-2021-21341 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21341
CVE-2021-20679 Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G, ApeosPort-VII C4421/C3321, ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G, ApeosPort-VII CP4421, ApeosPort Print C5570, ApeosPort 5570/4570/5570G/4570G, ApeosPort 3560/3060/2560/3560G/3060G/2560G, ApeosPort-VII 5021/ 4021, ApeosPort-VII P5021, DocuPrint CP 555 d/505 d, DocuPrint P505 d, PrimeLink C9065/C9070, DocuPrint CP475AP, and DocuPrint P475AP) allow an attacker to cause a denial of service (DoS) condition and abnormal end (ABEND) of the affected products via sending a specially crafted command. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20679
CVE-2021-1460 A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1460
CVE-2021-1437 A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1437
CVE-2020-8286 curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8286
CVE-2020-8285 curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8285
CVE-2020-8231 Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8231
CVE-2020-8169 curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8169
CVE-2020-7238 Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7238
CVE-2020-6851 OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6851
CVE-2020-5398 In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5398
CVE-2020-36281 Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36281
CVE-2020-36279 Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36279
CVE-2020-36278 Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36278
CVE-2020-36277 Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36277
CVE-2020-36002 Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36002
CVE-2020-35733 An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35733
CVE-2020-27543 The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27543
CVE-2020-26797 Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26797
CVE-2020-25581 In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25581
CVE-2020-19640 An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to '/media/?action=cmd'. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-19640
CVE-2020-19613 Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-19613
CVE-2020-13933 Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13933
CVE-2020-13432 rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13432
CVE-2020-11612 The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11612
CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10663
CVE-2019-12423 Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.keystore.type" to "jwk". For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-12423
CVE-2019-0222 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-0222
CVE-2018-8038 Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-8038
CVE-2018-13982 Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-13982
CVE-2018-1110 A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-1110
CVE-2017-6751 A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-6751
CVE-2017-5656 Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-5656
CVE-2017-3156 The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-3156
CVE-2016-8739 The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-8739
CVE-2015-5175 Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-5175
CVE-2021-3450 The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3450
CVE-2021-1439 A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-1439
CVE-2020-35662 In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-35662
CVE-2021-29942 An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29942
CVE-2021-29941 An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an iterator returns a len() that is too small. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29941
CVE-2021-29939 An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29939
CVE-2021-29935 An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29935
CVE-2021-29934 An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29934
CVE-2020-7461 In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-7461
CVE-2021-25146 A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-25146
CVE-2021-22990 On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-22990
CVE-2021-20206 An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-20206
CVE-2020-7712 This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-7712
CVE-2020-6234 SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-6234
CVE-2020-28173 Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-28173
CVE-2020-26820 SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file leading to Privilege Escalation and completely compromise the confidentiality, integrity and availability of the server operating system and any application running on it. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-26820
CVE-2020-25217 Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-25217
CVE-2020-24635 A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-24635
CVE-2019-11539 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2019-11539
CVE-2018-13790 A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2018-13790
CVE-2021-27364 An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27364
CVE-2021-25353 Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25353
CVE-2021-20502 IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20502
CVE-2021-20482 IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20482
CVE-2020-8177 curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-8177
CVE-2020-15075 OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-15075
CVE-2021-3348 nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-3348
CVE-2021-20271 A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-20271
CVE-2020-35508 A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-35508
CVE-2020-27921 A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-27921
CVE-2020-27216 In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-27216
CVE-2021-29095 Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29095
CVE-2021-29094 Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29094
CVE-2021-29093 A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29093
CVE-2021-1452 A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of specific function arguments passed to a boot script when specific ROMMON variables are set. An attacker could exploit this vulnerability by setting malicious values for a specific ROMMON variable. A successful exploit could allow the attacker to execute unsigned code and bypass the image verification check during the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated, physical access to the device or obtain privileged access to the root shell on the device. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1452
CVE-2019-5317 A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5317
CVE-2017-5646 For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2017-5646
CVE-2021-25372 An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-25372
CVE-2021-25371 A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-25371
CVE-2021-1449 A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that is stored on the system, which would allow the attacker to bypass existing protections. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. Note: To exploit this vulnerability, the attacker would need to have access to the development shell (devshell) on the device. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-1449
CVE-2021-1371 A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2021-1371
CVE-2021-29416 An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29416
CVE-2021-29251 BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29251
CVE-2021-28038 An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28038
CVE-2021-27244 This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-11925. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27244
CVE-2021-26597 An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26597
CVE-2021-26581 A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this situation. Other BMC management is not impacted. HPE has made the following software update to resolve the vulnerability in HPE Superdome Flex Server: Superdome Flex Server Firmware 3.30.142 or later. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26581
CVE-2021-25159 A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25159
CVE-2021-25155 A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25155
CVE-2021-25145 A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25145
CVE-2021-23986 A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23986
CVE-2021-23985 If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23985
CVE-2021-23984 A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23984
CVE-2021-23983 By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23983
CVE-2021-23982 Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23982
CVE-2021-23890 Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server. This can only happen when the ePO Agent Handler is installed in a Demilitarized Zone (DMZ) to service machines not connected to the network through a VPN. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23890
CVE-2021-21983 Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21983
CVE-2021-21637 A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21637
CVE-2021-21634 Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21634
CVE-2021-21632 A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21632
CVE-2021-21421 node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21421
CVE-2021-21396 wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the `GET /users/list-clients` endpoint. The endpoint could be used by any logged in user who could request client details of any other user (no connection required) as far as they can find their User ID. The exposed metadata included id, class, type, location, time, and cookie. A user on a Wire backend could use this endpoint to find registration time and location for each device for a given list of users. As a workaround, remove `/list-clients` from nginx config. This has been fixed in version 2021-03-02. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21396
CVE-2021-21182 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21182
CVE-2021-21181 Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21181
CVE-2021-21178 Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21178
CVE-2021-21177 Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21177
CVE-2021-21176 Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21176
CVE-2021-21175 Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21175
CVE-2021-21173 Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21173
CVE-2021-21171 Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21171
CVE-2021-21170 Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21170
CVE-2021-21168 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21168
CVE-2021-21164 Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21164
CVE-2021-21163 Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21163
CVE-2021-20291 A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20291
CVE-2021-20234 An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20234
CVE-2020-35773 The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35773
CVE-2020-35137 The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35137
CVE-2020-28591 An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28591
CVE-2020-16040 Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-16040
CVE-2020-15389 jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15389
CVE-2020-10730 A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10730
CVE-2019-20808 In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-20808
CVE-2019-12406 Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count". 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-12406
CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20197
CVE-2021-30002 An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. 6.2 https://nvd.nist.gov/vuln/detail/CVE-2021-30002
CVE-2020-19642 An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD card. 6.2 https://nvd.nist.gov/vuln/detail/CVE-2020-19642
CVE-2021-3275 Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3275
CVE-2021-3189 The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3189
CVE-2021-29652 Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29652
CVE-2021-29651 Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29651
CVE-2021-29272 bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29272
CVE-2021-29271 remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29271
CVE-2021-29267 Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29267
CVE-2021-28796 Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-28796
CVE-2021-27349 Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27349
CVE-2021-27241 This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27241
CVE-2021-26580 A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update to resolve the vulnerability in HPE iLO Amplifier Pack: HPE iLO Amplifier Pack 1.80 or later. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26580
CVE-2021-25894 Magnolia CMS contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25894
CVE-2021-25161 A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25161
CVE-2021-23925 An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23925
CVE-2021-23006 On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23006
CVE-2021-22994 On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22994
CVE-2021-21476 SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21476
CVE-2021-21333 Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21333
CVE-2021-1629 Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-1629
CVE-2020-25840 Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25840
CVE-2020-24550 An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24550
CVE-2020-23839 A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23839
CVE-2020-19643 Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-19643
CVE-2020-13954 By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-13954
CVE-2019-3826 A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-3826
CVE-2019-17573 By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-17573
CVE-2019-12962 LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-12962
CVE-2018-13380 A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2018-13380
CVE-2017-7725 concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2017-7725
CVE-2016-6812 The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-6812
CVE-2016-10510 Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-10510
CVE-2015-5532 Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2015-5532
CVE-2020-27171 An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. 6 https://nvd.nist.gov/vuln/detail/CVE-2020-27171
CVE-2021-3449 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-3449
CVE-2021-25158 A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-25158
CVE-2021-23841 The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-23841
CVE-2021-23336 The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-23336
CVE-2021-21373 Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21373
CVE-2021-21295 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21295
CVE-2020-28972 In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-28972
CVE-2018-10237 Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2018-10237
CVE-2016-4830 Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2016-4830
CVE-2011-2487 The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2011-2487
CVE-2021-3479 There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3479
CVE-2021-3478 There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3478
CVE-2021-3477 There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3477
CVE-2021-29650 An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29650
CVE-2021-29649 An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29649
CVE-2021-29648 An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29648
CVE-2021-29647 An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29647
CVE-2021-29646 An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29646
CVE-2021-28657 A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28657
CVE-2021-27906 A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27906
CVE-2021-27807 A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27807
CVE-2021-26932 An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26932
CVE-2021-26931 An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26931
CVE-2021-26579 A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26579
CVE-2021-25369 An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25369
CVE-2021-21411 OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in `--gitlab-group` added to the new `X-Forwarded-Groups` header to the upstream application. While adding GitLab project based authorization support in #630, a bug was introduced where the user session's groups field was populated with the `--gitlab-group` config entries instead of pulling the individual user's group membership from the GitLab Userinfo endpoint. When the session groups where compared against the allowed groups for authorization, they matched improperly (since both lists were populated with the same data) so authorization was allowed. This impacts GitLab Provider users who relies on group membership for authorization restrictions. Any authenticated users in your GitLab environment can access your applications regardless of `--gitlab-group` membership restrictions. This is patched in v7.1.0. There is no workaround for the Group membership bug. But `--gitlab-project` can be set to use Project membership as the authorization checks instead of groups; it is not broken. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21411
CVE-2021-21290 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21290
CVE-2021-20284 A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20284
CVE-2021-20227 A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20227
CVE-2021-20193 A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20193
CVE-2020-9149 An application error verification vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to modify and delete user SMS messages. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9149
CVE-2020-9148 An application bypass mechanism vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to delete user SMS messages. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9148
CVE-2020-9146 A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to cause memory leakage and doS attacks by carefully constructing attack scenarios. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9146
CVE-2020-7463 In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7463
CVE-2020-7462 In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7462
CVE-2020-4944 IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain in plain text after a manuel edit, which can be read by a local user. IBM X-Force ID: 191944. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-4944
CVE-2020-4884 IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-4884
CVE-2020-27845 There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27845
CVE-2020-27843 A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27843
CVE-2020-27842 There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27842
CVE-2020-27841 There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27841
CVE-2020-27618 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27618
CVE-2020-16599 A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-16599
CVE-2020-16593 A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-16593
CVE-2020-16591 A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils through 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-16591
CVE-2020-16590 A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils through 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-16590
CVE-2020-15250 In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15250
CVE-2017-6834 Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-6834
CVE-2017-6831 Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-6831
CVE-2017-5976 Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-5976
CVE-2017-5975 Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-5975
CVE-2017-5974 Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-5974
CVE-2017-14928 In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-14928
CVE-2017-14926 In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-14926
CVE-2017-12624 Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size". 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-12624
CVE-2021-29343 Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-29343
CVE-2021-28935 CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-28935
CVE-2021-28047 Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-28047
CVE-2021-27352 An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-27352
CVE-2021-26596 An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-26596
CVE-2021-25893 Magnolia CMS From 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25893
CVE-2021-23922 An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-23922
CVE-2021-21635 Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21635
CVE-2021-21630 Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21630
CVE-2021-21628 Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21628
CVE-2021-21418 ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21418
CVE-2021-21398 PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21398
CVE-2021-20520 IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20520
CVE-2021-20518 IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20518
CVE-2021-20506 IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20506
CVE-2021-20504 IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20504
CVE-2021-20503 IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20503
CVE-2021-20447 IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20447
CVE-2021-20352 IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20352
CVE-2020-4848 IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-4848
CVE-2020-20545 Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the 'method' parameter to 'seeyon/hrSalary.do'. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-20545
CVE-2020-19619 Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-19619
CVE-2020-19618 Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-19618
CVE-2020-19617 Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-19617
CVE-2020-19616 Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-19616
CVE-2020-1725 A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-1725
CVE-2021-3476 A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3476
CVE-2021-3475 There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3475
CVE-2021-3474 There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3474
CVE-2021-3470 A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3470
CVE-2021-3391 MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3391
CVE-2021-29642 GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29642
CVE-2021-29418 The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29418
CVE-2021-27220 An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG's Web server. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27220
CVE-2021-26540 Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\\\example.com". 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26540
CVE-2021-23362 The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23362
CVE-2021-23007 On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23007
CVE-2021-22998 On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22998
CVE-2021-22876 curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22876
CVE-2021-20296 A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20296
CVE-2021-20289 A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20289
CVE-2020-7464 In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-7464
CVE-2020-36286 The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-36286
CVE-2020-36238 The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-36238
CVE-2020-35518 When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-35518
CVE-2020-27223 In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-27223
CVE-2020-25580 In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-25580
CVE-2020-25579 In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-25579
CVE-2020-25578 In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-25578
CVE-2020-1954 Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-1954
CVE-2018-1109 A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2018-1109
CVE-2018-1107 It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2018-1107
CVE-2017-5653 JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2017-5653
CVE-2021-27653 Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-27653
CVE-2021-25160 A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-25160
CVE-2021-25157 A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-25157
CVE-2021-25156 A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-25156
CVE-2021-29663 CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS payload. This payload will execute whenever anyone visits the registration page. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29663
CVE-2021-27969 Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27969
CVE-2020-27170 An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-27170
CVE-2021-23002 When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 4.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23002
CVE-2021-27363 An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-27363
CVE-2021-25370 An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25370
CVE-2021-25284 An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25284
CVE-2021-20077 Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20077
CVE-2021-1423 A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-1423
CVE-2021-26072 The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26072
CVE-2021-23001 On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23001
CVE-2021-22177 Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22177
CVE-2021-21636 A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21636
CVE-2021-21631 Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21631
CVE-2021-21189 Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21189
CVE-2021-21187 Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21187
CVE-2021-21186 Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21186
CVE-2021-21185 Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21185
CVE-2021-21184 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21184
CVE-2021-21183 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21183
CVE-2019-18252 BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-18252
CVE-2019-18248 BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-18248
CVE-2019-18246 BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-18246
CVE-2021-22890 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-22890
CVE-2020-8284 A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8284
CVE-2021-26071 The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26071
CVE-2014-3566 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. 3.4 https://nvd.nist.gov/vuln/detail/CVE-2014-3566
CVE-2021-27266 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12293. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27266
CVE-2021-27265 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12292. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27265
CVE-2021-27264 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12291. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27264
CVE-2021-27263 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12290. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27263
CVE-2021-27262 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12270. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27262
CVE-2021-20263 A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20263
CVE-2020-8908 A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-8908
CVE-2021-20677 UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command. 3.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20677
CVE-2021-21416 django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires: A site is using django-registration < 3.1.2, The site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled and a server-side error (HTTP 5xx) occurs during an attempt by a user to register an account. Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password). 2.6 https://nvd.nist.gov/vuln/detail/CVE-2021-21416
CVE-2021-25755 In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic. 2.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25755
CVE-2021-3447 A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2. https://nvd.nist.gov/vuln/detail/CVE-2021-3447
CVE-2021-3393 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. https://nvd.nist.gov/vuln/detail/CVE-2021-3393
CVE-2021-3374 Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. https://nvd.nist.gov/vuln/detail/CVE-2021-3374
CVE-2021-30164 Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. https://nvd.nist.gov/vuln/detail/CVE-2021-30164
CVE-2021-30163 Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. https://nvd.nist.gov/vuln/detail/CVE-2021-30163
CVE-2021-30162 An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021). https://nvd.nist.gov/vuln/detail/CVE-2021-30162
CVE-2021-30161 An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021). https://nvd.nist.gov/vuln/detail/CVE-2021-30161
CVE-2021-30158 An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party. https://nvd.nist.gov/vuln/detail/CVE-2021-30158
CVE-2021-30157 An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. https://nvd.nist.gov/vuln/detail/CVE-2021-30157
CVE-2021-30154 An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. https://nvd.nist.gov/vuln/detail/CVE-2021-30154
CVE-2021-30151 Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. https://nvd.nist.gov/vuln/detail/CVE-2021-30151
CVE-2021-30150 Composr 10.0.36 allows XSS in an XML script. https://nvd.nist.gov/vuln/detail/CVE-2021-30150
CVE-2021-30149 Composr 10.0.36 allows upload and execution of PHP files. https://nvd.nist.gov/vuln/detail/CVE-2021-30149
CVE-2021-30146 Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." https://nvd.nist.gov/vuln/detail/CVE-2021-30146
CVE-2021-30144 The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. https://nvd.nist.gov/vuln/detail/CVE-2021-30144
CVE-2021-30140 LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. https://nvd.nist.gov/vuln/detail/CVE-2021-30140
CVE-2021-30130 phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. https://nvd.nist.gov/vuln/detail/CVE-2021-30130
CVE-2021-30127 TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround. https://nvd.nist.gov/vuln/detail/CVE-2021-30127
CVE-2021-30126 Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query. https://nvd.nist.gov/vuln/detail/CVE-2021-30126
CVE-2021-30125 Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. https://nvd.nist.gov/vuln/detail/CVE-2021-30125
CVE-2021-30109 Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. https://nvd.nist.gov/vuln/detail/CVE-2021-30109
CVE-2021-30074 docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character. https://nvd.nist.gov/vuln/detail/CVE-2021-30074
CVE-2021-30072 An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication. https://nvd.nist.gov/vuln/detail/CVE-2021-30072
CVE-2021-30058 Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-30058
CVE-2021-30057 A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters. https://nvd.nist.gov/vuln/detail/CVE-2021-30057
CVE-2021-30056 Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage. https://nvd.nist.gov/vuln/detail/CVE-2021-30056
CVE-2021-30055 A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report. https://nvd.nist.gov/vuln/detail/CVE-2021-30055
CVE-2021-30046 VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-30046
CVE-2021-30045 SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. https://nvd.nist.gov/vuln/detail/CVE-2021-30045
CVE-2021-30004 In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. https://nvd.nist.gov/vuln/detail/CVE-2021-30004
CVE-2021-30003 An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. https://nvd.nist.gov/vuln/detail/CVE-2021-30003
CVE-2021-30000 An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-30000
CVE-2021-29996 Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. https://nvd.nist.gov/vuln/detail/CVE-2021-29996
CVE-2021-29662 The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. https://nvd.nist.gov/vuln/detail/CVE-2021-29662
CVE-2021-29661 Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it. https://nvd.nist.gov/vuln/detail/CVE-2021-29661
CVE-2021-29660 A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. https://nvd.nist.gov/vuln/detail/CVE-2021-29660
CVE-2021-29424 The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. https://nvd.nist.gov/vuln/detail/CVE-2021-29424
CVE-2021-29421 models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. https://nvd.nist.gov/vuln/detail/CVE-2021-29421
CVE-2021-29349 Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox. https://nvd.nist.gov/vuln/detail/CVE-2021-29349
CVE-2021-29261 The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration. https://nvd.nist.gov/vuln/detail/CVE-2021-29261
CVE-2021-29136 Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. https://nvd.nist.gov/vuln/detail/CVE-2021-29136
CVE-2021-29083 Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-29083
CVE-2021-29012 DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen. https://nvd.nist.gov/vuln/detail/CVE-2021-29012
CVE-2021-29011 DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php). https://nvd.nist.gov/vuln/detail/CVE-2021-29011
CVE-2021-28970 eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. https://nvd.nist.gov/vuln/detail/CVE-2021-28970
CVE-2021-28969 eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software. https://nvd.nist.gov/vuln/detail/CVE-2021-28969
CVE-2021-28941 Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request. https://nvd.nist.gov/vuln/detail/CVE-2021-28941
CVE-2021-28940 Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands. https://nvd.nist.gov/vuln/detail/CVE-2021-28940
CVE-2021-28874 SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file. https://nvd.nist.gov/vuln/detail/CVE-2021-28874
CVE-2021-28832 VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. https://nvd.nist.gov/vuln/detail/CVE-2021-28832
CVE-2021-28688 The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. https://nvd.nist.gov/vuln/detail/CVE-2021-28688
CVE-2021-28658 In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2021-28658
CVE-2021-28545 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to show arbitrary content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file. https://nvd.nist.gov/vuln/detail/CVE-2021-28545
CVE-2021-28209 The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. https://nvd.nist.gov/vuln/detail/CVE-2021-28209
CVE-2021-28208 The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. https://nvd.nist.gov/vuln/detail/CVE-2021-28208
CVE-2021-28207 The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. https://nvd.nist.gov/vuln/detail/CVE-2021-28207
CVE-2021-28206 The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. https://nvd.nist.gov/vuln/detail/CVE-2021-28206
CVE-2021-28205 The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. https://nvd.nist.gov/vuln/detail/CVE-2021-28205
CVE-2021-28204 The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. https://nvd.nist.gov/vuln/detail/CVE-2021-28204
CVE-2021-28203 The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. https://nvd.nist.gov/vuln/detail/CVE-2021-28203
CVE-2021-28202 The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28202
CVE-2021-28201 The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28201
CVE-2021-28200 The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28200
CVE-2021-28199 The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28199
CVE-2021-28198 The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28198
CVE-2021-28197 The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28197
CVE-2021-28196 The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28196
CVE-2021-28195 The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28195
CVE-2021-28194 The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28194
CVE-2021-28193 The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28193
CVE-2021-28192 The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28192
CVE-2021-28191 The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28191
CVE-2021-28190 The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28190
CVE-2021-28189 The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28189
CVE-2021-28188 The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28188
CVE-2021-28187 The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28187
CVE-2021-28186 The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28186
CVE-2021-28185 The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28185
CVE-2021-28184 The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28184
CVE-2021-28183 The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28183
CVE-2021-28182 The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28182
CVE-2021-28181 The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28181
CVE-2021-28180 The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28180
CVE-2021-28179 The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28179
CVE-2021-28178 The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28178
CVE-2021-28177 The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28177
CVE-2021-28176 The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28176
CVE-2021-28175 The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. https://nvd.nist.gov/vuln/detail/CVE-2021-28175
CVE-2021-28173 The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login. https://nvd.nist.gov/vuln/detail/CVE-2021-28173
CVE-2021-28172 There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage. https://nvd.nist.gov/vuln/detail/CVE-2021-28172
CVE-2021-28171 The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie. https://nvd.nist.gov/vuln/detail/CVE-2021-28171
CVE-2021-28164 In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. https://nvd.nist.gov/vuln/detail/CVE-2021-28164
CVE-2021-28163 In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. https://nvd.nist.gov/vuln/detail/CVE-2021-28163
CVE-2021-28142 CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." https://nvd.nist.gov/vuln/detail/CVE-2021-28142
CVE-2021-28124 A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster. https://nvd.nist.gov/vuln/detail/CVE-2021-28124
CVE-2021-28123 Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version. https://nvd.nist.gov/vuln/detail/CVE-2021-28123
CVE-2021-28113 A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. https://nvd.nist.gov/vuln/detail/CVE-2021-28113
CVE-2021-28075 iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2021-28075
CVE-2021-27973 SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages. https://nvd.nist.gov/vuln/detail/CVE-2021-27973
CVE-2021-27900 The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected. https://nvd.nist.gov/vuln/detail/CVE-2021-27900
CVE-2021-27899 The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected. https://nvd.nist.gov/vuln/detail/CVE-2021-27899
CVE-2021-27698 RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function. https://nvd.nist.gov/vuln/detail/CVE-2021-27698
CVE-2021-27697 RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function. https://nvd.nist.gov/vuln/detail/CVE-2021-27697
CVE-2021-27357 RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. https://nvd.nist.gov/vuln/detail/CVE-2021-27357
CVE-2021-27343 SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_sequence() function. The attack vector is: Parsing RSA Key ASN.1. https://nvd.nist.gov/vuln/detail/CVE-2021-27343
CVE-2021-26943 The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3). https://nvd.nist.gov/vuln/detail/CVE-2021-26943
CVE-2021-26833 Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted. https://nvd.nist.gov/vuln/detail/CVE-2021-26833
CVE-2021-26718 KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. https://nvd.nist.gov/vuln/detail/CVE-2021-26718
CVE-2021-25692 Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3. https://nvd.nist.gov/vuln/detail/CVE-2021-25692
CVE-2021-24212 The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp. https://nvd.nist.gov/vuln/detail/CVE-2021-24212
CVE-2021-24211 The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser. https://nvd.nist.gov/vuln/detail/CVE-2021-24211
CVE-2021-24210 There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only go to whitelisted pages but it's possible to redirect the victim to any domain. https://nvd.nist.gov/vuln/detail/CVE-2021-24210
CVE-2021-24209 The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. https://nvd.nist.gov/vuln/detail/CVE-2021-24209
CVE-2021-24208 The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action. https://nvd.nist.gov/vuln/detail/CVE-2021-24208
CVE-2021-24207 By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages. https://nvd.nist.gov/vuln/detail/CVE-2021-24207
CVE-2021-24206 In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. https://nvd.nist.gov/vuln/detail/CVE-2021-24206
CVE-2021-24205 In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. https://nvd.nist.gov/vuln/detail/CVE-2021-24205
CVE-2021-24204 In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. https://nvd.nist.gov/vuln/detail/CVE-2021-24204
CVE-2021-24203 In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. https://nvd.nist.gov/vuln/detail/CVE-2021-24203
CVE-2021-24202 In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. https://nvd.nist.gov/vuln/detail/CVE-2021-24202
CVE-2021-24201 In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. https://nvd.nist.gov/vuln/detail/CVE-2021-24201
CVE-2021-24196 The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized https://nvd.nist.gov/vuln/detail/CVE-2021-24196
CVE-2021-24187 The setting page of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin through 6.3 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute. https://nvd.nist.gov/vuln/detail/CVE-2021-24187
CVE-2021-24186 The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. https://nvd.nist.gov/vuln/detail/CVE-2021-24186
CVE-2021-24185 The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. https://nvd.nist.gov/vuln/detail/CVE-2021-24185
CVE-2021-24184 Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions. https://nvd.nist.gov/vuln/detail/CVE-2021-24184
CVE-2021-24183 The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. https://nvd.nist.gov/vuln/detail/CVE-2021-24183
CVE-2021-24182 The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. https://nvd.nist.gov/vuln/detail/CVE-2021-24182
CVE-2021-24181 The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. https://nvd.nist.gov/vuln/detail/CVE-2021-24181
CVE-2021-24180 Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL. https://nvd.nist.gov/vuln/detail/CVE-2021-24180
CVE-2021-24177 In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response. https://nvd.nist.gov/vuln/detail/CVE-2021-24177
CVE-2021-24176 The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. https://nvd.nist.gov/vuln/detail/CVE-2021-24176
CVE-2021-24175 The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active. https://nvd.nist.gov/vuln/detail/CVE-2021-24175
CVE-2021-24174 The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups. https://nvd.nist.gov/vuln/detail/CVE-2021-24174
CVE-2021-24173 The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue. https://nvd.nist.gov/vuln/detail/CVE-2021-24173
CVE-2021-24172 The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current . https://nvd.nist.gov/vuln/detail/CVE-2021-24172
CVE-2021-24171 The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-24171
CVE-2021-24170 The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2021-24170
CVE-2021-24169 This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. https://nvd.nist.gov/vuln/detail/CVE-2021-24169
CVE-2021-24168 The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator. https://nvd.nist.gov/vuln/detail/CVE-2021-24168
CVE-2021-24167 When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account. https://nvd.nist.gov/vuln/detail/CVE-2021-24167
CVE-2021-24166 The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection. https://nvd.nist.gov/vuln/detail/CVE-2021-24166
CVE-2021-24165 In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. https://nvd.nist.gov/vuln/detail/CVE-2021-24165
CVE-2021-24164 In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection. https://nvd.nist.gov/vuln/detail/CVE-2021-24164
CVE-2021-24163 The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. https://nvd.nist.gov/vuln/detail/CVE-2021-24163
CVE-2021-24162 In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site. https://nvd.nist.gov/vuln/detail/CVE-2021-24162
CVE-2021-24161 In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site. https://nvd.nist.gov/vuln/detail/CVE-2021-24161
CVE-2021-24160 In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site. https://nvd.nist.gov/vuln/detail/CVE-2021-24160
CVE-2021-24159 Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript. https://nvd.nist.gov/vuln/detail/CVE-2021-24159
CVE-2021-24158 Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration. https://nvd.nist.gov/vuln/detail/CVE-2021-24158
CVE-2021-24157 Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious. https://nvd.nist.gov/vuln/detail/CVE-2021-24157
CVE-2021-24156 Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation https://nvd.nist.gov/vuln/detail/CVE-2021-24156
CVE-2021-24155 The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. https://nvd.nist.gov/vuln/detail/CVE-2021-24155
CVE-2021-24154 The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd https://nvd.nist.gov/vuln/detail/CVE-2021-24154
CVE-2021-24153 A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found. https://nvd.nist.gov/vuln/detail/CVE-2021-24153
CVE-2021-24152 The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. https://nvd.nist.gov/vuln/detail/CVE-2021-24152
CVE-2021-24150 The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF). https://nvd.nist.gov/vuln/detail/CVE-2021-24150
CVE-2021-24027 A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material. https://nvd.nist.gov/vuln/detail/CVE-2021-24027
CVE-2021-24026 A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write. https://nvd.nist.gov/vuln/detail/CVE-2021-24026
CVE-2021-22865 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program. https://nvd.nist.gov/vuln/detail/CVE-2021-22865
CVE-2021-22696 CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10. https://nvd.nist.gov/vuln/detail/CVE-2021-22696
CVE-2021-22203 An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. https://nvd.nist.gov/vuln/detail/CVE-2021-22203
CVE-2021-22202 An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. https://nvd.nist.gov/vuln/detail/CVE-2021-22202
CVE-2021-22201 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. https://nvd.nist.gov/vuln/detail/CVE-2021-22201
CVE-2021-22200 An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. https://nvd.nist.gov/vuln/detail/CVE-2021-22200
CVE-2021-22198 An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. https://nvd.nist.gov/vuln/detail/CVE-2021-22198
CVE-2021-22197 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other https://nvd.nist.gov/vuln/detail/CVE-2021-22197
CVE-2021-22196 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. https://nvd.nist.gov/vuln/detail/CVE-2021-22196
CVE-2021-22195 Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system https://nvd.nist.gov/vuln/detail/CVE-2021-22195
CVE-2021-22158 The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected. https://nvd.nist.gov/vuln/detail/CVE-2021-22158
CVE-2021-22157 Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS. https://nvd.nist.gov/vuln/detail/CVE-2021-22157
CVE-2021-21533 Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details https://nvd.nist.gov/vuln/detail/CVE-2021-21533
CVE-2021-21532 Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file. https://nvd.nist.gov/vuln/detail/CVE-2021-21532
CVE-2021-21529 Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application. https://nvd.nist.gov/vuln/detail/CVE-2021-21529
CVE-2021-21423 `projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typed definition written in JavaScript. Users of projen's `NodeProject` project type (including any project type derived from it) include a `.github/workflows/rebuild-bot.yml` workflow that may allow any GitHub user to trigger execution of un-trusted code in the context of the "main" repository (as opposed to that of a fork). In some situations, such untrusted code may potentially be able to commit to the "main" repository. The rebuild-bot workflow is triggered by comments including `@projen rebuild` on pull-request to trigger a re-build of the projen project, and updating the pull request with the updated files. This workflow is triggered by an `issue_comment` event, and thus always executes with a `GITHUB_TOKEN` belonging to the repository into which the pull-request is made (this is in contrast with workflows triggered by `pull_request` events, which always execute with a `GITHUB_TOKEN` belonging to the repository from which the pull-request is made). Repositories that do not have branch protection configured on their default branch (typically `main` or `master`) could possibly allow an untrusted user to gain access to secrets configured on the repository (such as NPM tokens, etc). Branch protection prohibits this escalation, as the managed `GITHUB_TOKEN` would not be able to modify the contents of a protected branch and affected workflows must be defined on the default branch. https://nvd.nist.gov/vuln/detail/CVE-2021-21423
CVE-2021-21413 isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an environment where the implementer has exposed a Reference instance to an attacker they would be able to use it to acquire a Reference to the nodejs context's Function object. Similar application-specific attacks could be possible by modifying the local prototype of other API objects. Access to NativeModule objects could allow an attacker to load and run native code from anywhere on the filesystem. If combined with, for example, a file upload API this would allow for arbitrary code execution. This is addressed in v4.0.0 through a series of related changes. https://nvd.nist.gov/vuln/detail/CVE-2021-21413
CVE-2021-21409 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. https://nvd.nist.gov/vuln/detail/CVE-2021-21409
CVE-2021-21404 Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0. https://nvd.nist.gov/vuln/detail/CVE-2021-21404
CVE-2021-21400 wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0. https://nvd.nist.gov/vuln/detail/CVE-2021-21400
CVE-2021-20334 A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows. https://nvd.nist.gov/vuln/detail/CVE-2021-20334
CVE-2021-20308 Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. https://nvd.nist.gov/vuln/detail/CVE-2021-20308
CVE-2021-20307 Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. https://nvd.nist.gov/vuln/detail/CVE-2021-20307
CVE-2021-20305 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20305
CVE-2021-1879 This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.. https://nvd.nist.gov/vuln/detail/CVE-2021-1879
CVE-2021-1871 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. https://nvd.nist.gov/vuln/detail/CVE-2021-1871
CVE-2021-1870 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. https://nvd.nist.gov/vuln/detail/CVE-2021-1870
CVE-2021-1844 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1844
CVE-2021-1818 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1818
CVE-2021-1806 A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-1806
CVE-2021-1805 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-1805
CVE-2021-1803 The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A local application may be able to enumerate the user's iCloud documents. https://nvd.nist.gov/vuln/detail/CVE-2021-1803
CVE-2021-1802 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A local attacker may be able to elevate their privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-1802
CVE-2021-1801 This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. https://nvd.nist.gov/vuln/detail/CVE-2021-1801
CVE-2021-1800 A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode. https://nvd.nist.gov/vuln/detail/CVE-2021-1800
CVE-2021-1799 A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. https://nvd.nist.gov/vuln/detail/CVE-2021-1799
CVE-2021-1797 The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files. https://nvd.nist.gov/vuln/detail/CVE-2021-1797
CVE-2021-1796 An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1796
CVE-2021-1795 An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1795
CVE-2021-1794 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1794
CVE-2021-1793 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1793
CVE-2021-1792 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1792
CVE-2021-1791 An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory. https://nvd.nist.gov/vuln/detail/CVE-2021-1791
CVE-2021-1790 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1790
CVE-2021-1789 A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1789
CVE-2021-1788 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1788
CVE-2021-1787 Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-1787
CVE-2021-1786 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files. https://nvd.nist.gov/vuln/detail/CVE-2021-1786
CVE-2021-1785 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1785
CVE-2021-1783 An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1783
CVE-2021-1782 A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.. https://nvd.nist.gov/vuln/detail/CVE-2021-1782
CVE-2021-1781 A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A malicious application may be able to leak sensitive user information. https://nvd.nist.gov/vuln/detail/CVE-2021-1781
CVE-2021-1780 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack. https://nvd.nist.gov/vuln/detail/CVE-2021-1780
CVE-2021-1779 A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-1779
CVE-2021-1778 An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-1778
CVE-2021-1777 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1777
CVE-2021-1776 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1776
CVE-2021-1775 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1775
CVE-2021-1774 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1774
CVE-2021-1773 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-1773
CVE-2021-1772 A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1772
CVE-2021-1771 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group. https://nvd.nist.gov/vuln/detail/CVE-2021-1771
CVE-2021-1769 A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. https://nvd.nist.gov/vuln/detail/CVE-2021-1769
CVE-2021-1768 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1768
CVE-2021-1767 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption. https://nvd.nist.gov/vuln/detail/CVE-2021-1767
CVE-2021-1766 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-1766
CVE-2021-1765 This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. https://nvd.nist.gov/vuln/detail/CVE-2021-1765
CVE-2021-1764 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-1764
CVE-2021-1763 A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1763
CVE-2021-1761 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-1761
CVE-2021-1760 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information. https://nvd.nist.gov/vuln/detail/CVE-2021-1760
CVE-2021-1759 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1759
CVE-2021-1758 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1758
CVE-2021-1757 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-1757
CVE-2021-1756 A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information. https://nvd.nist.gov/vuln/detail/CVE-2021-1756
CVE-2021-1755 A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. https://nvd.nist.gov/vuln/detail/CVE-2021-1755
CVE-2021-1754 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1754
CVE-2021-1753 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1753
CVE-2021-1751 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1751
CVE-2021-1750 Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. An application may be able to execute arbitrary code with kernel privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-1750
CVE-2021-1748 A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1748
CVE-2021-1747 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing maliciously crafted web content may lead to code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1747
CVE-2021-1746 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1746
CVE-2021-1745 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1745
CVE-2021-1744 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1744
CVE-2021-1743 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1743
CVE-2021-1742 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1742
CVE-2021-1741 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1741
CVE-2021-1738 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1738
CVE-2021-1737 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1737
CVE-2021-1736 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-1736
CVE-2020-9995 An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. https://nvd.nist.gov/vuln/detail/CVE-2020-9995
CVE-2020-9978 This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state. https://nvd.nist.gov/vuln/detail/CVE-2020-9978
CVE-2020-9975 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-9975
CVE-2020-9971 A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-9971
CVE-2020-9967 Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. https://nvd.nist.gov/vuln/detail/CVE-2020-9967
CVE-2020-9962 A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-9962
CVE-2020-9960 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-9960
CVE-2020-9956 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-9956
CVE-2020-9955 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-9955
CVE-2020-9930 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A local user may be able to cause unexpected system termination or read kernel memory. https://nvd.nist.gov/vuln/detail/CVE-2020-9930
CVE-2020-9926 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-9926
CVE-2020-4997 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914 https://nvd.nist.gov/vuln/detail/CVE-2020-4997
CVE-2020-4792 IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441. https://nvd.nist.gov/vuln/detail/CVE-2020-4792
CVE-2020-36309 ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. https://nvd.nist.gov/vuln/detail/CVE-2020-36309
CVE-2020-36308 Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. https://nvd.nist.gov/vuln/detail/CVE-2020-36308
CVE-2020-36307 Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. https://nvd.nist.gov/vuln/detail/CVE-2020-36307
CVE-2020-36306 Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. https://nvd.nist.gov/vuln/detail/CVE-2020-36306
CVE-2020-36285 Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. https://nvd.nist.gov/vuln/detail/CVE-2020-36285
CVE-2020-36284 Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. https://nvd.nist.gov/vuln/detail/CVE-2020-36284
CVE-2020-29639 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory. https://nvd.nist.gov/vuln/detail/CVE-2020-29639
CVE-2020-29633 An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged network position may be able to bypass authentication policy. https://nvd.nist.gov/vuln/detail/CVE-2020-29633
CVE-2020-29625 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-29625
CVE-2020-29624 A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-29624
CVE-2020-29623 "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. https://nvd.nist.gov/vuln/detail/CVE-2020-29623
CVE-2020-29621 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences. https://nvd.nist.gov/vuln/detail/CVE-2020-29621
CVE-2020-29620 This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-29620
CVE-2020-29619 An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption. https://nvd.nist.gov/vuln/detail/CVE-2020-29619
CVE-2020-29618 An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-29618
CVE-2020-29617 An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption. https://nvd.nist.gov/vuln/detail/CVE-2020-29617
CVE-2020-29616 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-29616
CVE-2020-29615 An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2020-29615
CVE-2020-29614 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted file may lead to heap corruption. https://nvd.nist.gov/vuln/detail/CVE-2020-29614
CVE-2020-29613 A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain. https://nvd.nist.gov/vuln/detail/CVE-2020-29613
CVE-2020-29612 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to execute arbitrary code with system privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-29612
CVE-2020-29611 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-29611
CVE-2020-29610 An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory. https://nvd.nist.gov/vuln/detail/CVE-2020-29610
CVE-2020-29608 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory. https://nvd.nist.gov/vuln/detail/CVE-2020-29608
CVE-2020-27952 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-27952
CVE-2020-27951 This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation. https://nvd.nist.gov/vuln/detail/CVE-2020-27951
CVE-2020-27949 This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace. https://nvd.nist.gov/vuln/detail/CVE-2020-27949
CVE-2020-27948 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-27948
CVE-2020-27947 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-27947
CVE-2020-27946 An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory. https://nvd.nist.gov/vuln/detail/CVE-2020-27946
CVE-2020-27945 An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. Processing maliciously crafted web content may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-27945
CVE-2020-27944 A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-27944
CVE-2020-27943 A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-27943
CVE-2020-27941 A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-27941
CVE-2020-27939 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-27939
CVE-2020-27938 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-27938
CVE-2020-27937 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to access private information. https://nvd.nist.gov/vuln/detail/CVE-2020-27937
CVE-2020-27936 An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. https://nvd.nist.gov/vuln/detail/CVE-2020-27936
CVE-2020-27935 Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions. https://nvd.nist.gov/vuln/detail/CVE-2020-27935
CVE-2020-27933 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-27933
CVE-2020-27915 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-27915
CVE-2020-27914 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-27914
CVE-2020-27908 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted audio file may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-27908
CVE-2020-27907 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-27907
CVE-2020-27901 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. https://nvd.nist.gov/vuln/detail/CVE-2020-27901
CVE-2020-27899 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-27899
CVE-2020-27897 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-27897
CVE-2020-27893 An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user's screen. https://nvd.nist.gov/vuln/detail/CVE-2020-27893
CVE-2020-27600 HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-27600
CVE-2020-23533 Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. https://nvd.nist.gov/vuln/detail/CVE-2020-23533
CVE-2020-21590 Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-21590
CVE-2020-21588 Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial or service (crash) via a long string in the Setup->Users->Username editbox. https://nvd.nist.gov/vuln/detail/CVE-2020-21588
CVE-2020-21585 Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module. https://nvd.nist.gov/vuln/detail/CVE-2020-21585
CVE-2020-19596 Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. https://nvd.nist.gov/vuln/detail/CVE-2020-19596
CVE-2020-19595 Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username. https://nvd.nist.gov/vuln/detail/CVE-2020-19595
CVE-2020-17453 WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-17453
CVE-2020-13422 OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions. https://nvd.nist.gov/vuln/detail/CVE-2020-13422
CVE-2020-13421 OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions. https://nvd.nist.gov/vuln/detail/CVE-2020-13421
CVE-2020-13420 OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. https://nvd.nist.gov/vuln/detail/CVE-2020-13420
CVE-2020-13419 OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. https://nvd.nist.gov/vuln/detail/CVE-2020-13419
CVE-2020-13418 OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. https://nvd.nist.gov/vuln/detail/CVE-2020-13418
CVE-2020-11925 An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model. https://nvd.nist.gov/vuln/detail/CVE-2020-11925
CVE-2020-11924 An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. https://nvd.nist.gov/vuln/detail/CVE-2020-11924
CVE-2020-11923 An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. https://nvd.nist.gov/vuln/detail/CVE-2020-11923
CVE-2020-11922 An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.) https://nvd.nist.gov/vuln/detail/CVE-2020-11922
CVE-2020-10015 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-10015
CVE-2020-10008 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1. A malicious application with root privileges may be able to access private information. https://nvd.nist.gov/vuln/detail/CVE-2020-10008
CVE-2020-10001 An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. https://nvd.nist.gov/vuln/detail/CVE-2020-10001
CVE-2019-25026 Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. https://nvd.nist.gov/vuln/detail/CVE-2019-25026
CVE-2019-20466 An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device. https://nvd.nist.gov/vuln/detail/CVE-2019-20466
CVE-2019-20465 An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality. https://nvd.nist.gov/vuln/detail/CVE-2019-20465
CVE-2019-20464 An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating. https://nvd.nist.gov/vuln/detail/CVE-2019-20464
CVE-2019-20463 An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically. https://nvd.nist.gov/vuln/detail/CVE-2019-20463
CVE-2015-7299 SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. https://nvd.nist.gov/vuln/detail/CVE-2015-7299
CVE-2015-5253 The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack." https://nvd.nist.gov/vuln/detail/CVE-2015-5253
CVE-2014-3677 Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption. https://nvd.nist.gov/vuln/detail/CVE-2014-3677
CVE-2014-3623 Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2014-3623
CVE-2014-3584 The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. https://nvd.nist.gov/vuln/detail/CVE-2014-3584
CVE-2014-3577 org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. https://nvd.nist.gov/vuln/detail/CVE-2014-3577
CVE-2014-0110 Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. https://nvd.nist.gov/vuln/detail/CVE-2014-0110
CVE-2014-0109 Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. https://nvd.nist.gov/vuln/detail/CVE-2014-0109
CVE-2014-0035 The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. https://nvd.nist.gov/vuln/detail/CVE-2014-0035
CVE-2014-0034 The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. https://nvd.nist.gov/vuln/detail/CVE-2014-0034
CVE-2013-2160 The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors. https://nvd.nist.gov/vuln/detail/CVE-2013-2160
CVE-2013-0239 Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. https://nvd.nist.gov/vuln/detail/CVE-2013-0239
CVE-2012-5633 The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. https://nvd.nist.gov/vuln/detail/CVE-2012-5633
CVE-2012-5575 Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." https://nvd.nist.gov/vuln/detail/CVE-2012-5575
CVE-2012-3451 Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body. https://nvd.nist.gov/vuln/detail/CVE-2012-3451
CVE-2012-3268 Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. https://nvd.nist.gov/vuln/detail/CVE-2012-3268
CVE-2012-2379 Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors. https://nvd.nist.gov/vuln/detail/CVE-2012-2379
CVE-2012-2378 Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies. https://nvd.nist.gov/vuln/detail/CVE-2012-2378
CVE-2012-1255 SQL injection vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2012-1255
CVE-2012-1254 Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2012-1254
CVE-2011-1096 The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack." https://nvd.nist.gov/vuln/detail/CVE-2011-1096
CVE-2010-2808 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. https://nvd.nist.gov/vuln/detail/CVE-2010-2808
CVE-2010-2807 FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. https://nvd.nist.gov/vuln/detail/CVE-2010-2807
CVE-2010-2806 Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. https://nvd.nist.gov/vuln/detail/CVE-2010-2806
CVE-2010-2805 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. https://nvd.nist.gov/vuln/detail/CVE-2010-2805
CVE-2010-2541 Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. https://nvd.nist.gov/vuln/detail/CVE-2010-2541
CVE-2010-2527 Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. https://nvd.nist.gov/vuln/detail/CVE-2010-2527
CVE-2010-2499 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. https://nvd.nist.gov/vuln/detail/CVE-2010-2499
CVE-2010-2498 The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. https://nvd.nist.gov/vuln/detail/CVE-2010-2498
CVE-2010-2076 Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632. https://nvd.nist.gov/vuln/detail/CVE-2010-2076
CVE-2009-0946 Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. https://nvd.nist.gov/vuln/detail/CVE-2009-0946
CVE-2007-2768 OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. https://nvd.nist.gov/vuln/detail/CVE-2007-2768
CVE-2007-2728 The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. https://nvd.nist.gov/vuln/detail/CVE-2007-2728
CVE-2007-2379 The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." https://nvd.nist.gov/vuln/detail/CVE-2007-2379
CVE-2006-2661 ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. https://nvd.nist.gov/vuln/detail/CVE-2006-2661
CVE-2002-0184 Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. https://nvd.nist.gov/vuln/detail/CVE-2002-0184